[RFC PATCH 7/7] audit: wake up kauditd_thread after auditd registers

Paul Moore paul at paul-moore.com
Fri Nov 6 01:23:15 UTC 2015


On Thursday, October 22, 2015 02:53:20 PM Richard Guy Briggs wrote:
> When auditd is restarted, even though the kauditd_thread is present, it
> remains dormant until the next audit log message is queued.
> 
> Wake up the kauditd_thread in the kauditd_wait queue immediately when
> auditd registers its availability to drain the queue.
> 
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
>  kernel/audit.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)

See my 6/7 comment ... this could/should go in the auditd_register() function.

> diff --git a/kernel/audit.c b/kernel/audit.c
> index 688fa1e..369cfcc 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -885,6 +885,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct
> nlmsghdr *nlh) audit_sock = skb->sk;
>  			if (!audit_pid)
>  				wake_up(&audit_backlog_wait);
> +			if (audit_pid)
> +				wake_up_interruptible(&kauditd_wait);
>  		}
>  		if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
>  			err = audit_set_rate_limit(s.rate_limit);
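
Review bot: in audit_receive_msg(), the added `if (audit_pid)` sits directly under the existing `if (!audit_pid)`, so the two tests are complementary and audit_pid is evaluated twice. Turn the new test into an `else` on the existing one so it is clear that exactly one of audit_backlog_wait and kauditd_wait is woken. A short comment on the new branch stating that kauditd_wait is woken so the queue drains as soon as auditd registers would also help, since that reason currently lives only in the commit message. The existing wake uses wake_up() while the new one uses wake_up_interruptible(); if the difference is intentional, the comment is a good place to say so.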

-- 
paul moore
www.paul-moore.com



