Netlink Socket Problem
Timothy R. Chavez
chavezt at gmail.com
Tue Mar 1 00:08:51 UTC 2005
On Mon, 28 Feb 2005 17:48:28 -0500, Steve Grubb <sgrubb at redhat.com> wrote:
<snip>
>
> What happens in real life is that passwd is going to log some data to the
> audit system and opens a socket, then it collects the passwords, if
> everything is OK, it passes the passwords to pam for authentication token
> update. Pam decides that it needs to do some logging of its own and opens
> descriptors to the audit system. They fail like above, EAGAIN.
>
> Do any of you kernel hackers know why apps are limited to 1 netlink socket
> connection? Can someone else verify the problem?
>
> I think I can fix the problem by constantly closing and opening connections,
> but that is ugly and not efficient. This "bug/feature" is holding up the
> release of the next version of audit and patched trusted programs.

Though I don't know what's going on here, you could also just share
auditd's netlink connection and have trusted programs talk to auditd
(i.e., passwd says to auditd, "Hey auditd, send this message to the
kernel, thanks") rather than opening/closing the netlink connection
repeatedly. It's probably a bad idea for various reasons, though --
added complexity to auditd being one.
--
- Timothy R. Chavez