audit: handle a clean auditd shutdown with grace
authorPaul Moore <paul@paul-moore.com>
Tue, 29 Nov 2016 21:53:26 +0000 (16:53 -0500)
committerPaul Moore <paul@paul-moore.com>
Wed, 14 Dec 2016 18:06:04 +0000 (13:06 -0500)
When auditd stops cleanly it sets 'audit_pid' to 0 with an
AUDIT_SET message; in this case we should reset our backlog
queues via the auditd_reset() function.  This patch also adds
an 'audit_pid' check to the top of kauditd_send_unicast_skb()
so we can fail quicker.

Signed-off-by: Paul Moore <paul@paul-moore.com>
kernel/audit.c

index 0572e5dcfda78db3b01a97a439f1111e4b76727f..b447a6b1fdc8fff7c31bcc785c666b15b31d0fdb 100644 (file)
@@ -468,6 +468,10 @@ static int kauditd_send_unicast_skb(struct sk_buff *skb)
 {
        int rc;
 
+       /* if we know nothing is connected, don't even try the netlink call */
+       if (!audit_pid)
+               return -ECONNREFUSED;
+
        /* get an extra skb reference in case we fail to send */
        skb_get(skb);
        rc = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
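Review bot: The new `if (!audit_pid)` test reads a global that the second hunk shows being written in audit_receive_msg(), and nothing visible here orders that read against the write or against the later reads of `audit_sock` and `audit_nlk_portid`. As a fast path this looks tolerable, since a stale non-zero value only falls through to netlink_unicast(), but the intent should be stated and the read made a single load: `if (!READ_ONCE(audit_pid))` with the comment extended to `/* advisory check only; audit_pid can change before netlink_unicast() runs */`. The early return sits before skb_get(), so the caller keeps its only reference to the skb. It is worth confirming that every caller handles -ECONNREFUSED from this path the same way as from netlink_unicast(), so that records are held rather than dropped. The function body continues past the end of the hunk.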
@@ -1009,6 +1013,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        audit_pid = new_pid;
                        audit_nlk_portid = NETLINK_CB(skb).portid;
                        audit_sock = skb->sk;
+                       if (!new_pid)
+                               auditd_reset();
                        wake_up_interruptible(&kauditd_wait);
                }
                if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
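Review bot: The added `if (!new_pid) auditd_reset();` runs after the three context lines have already stored the shutdown message's `portid` and `skb->sk` in `audit_nlk_portid` and `audit_sock`. Unless auditd_reset() clears them (its body is not in this hunk), the connection state after a clean shutdown still names the departing daemon's socket. Either skip those assignments when `new_pid` is 0, or document the dependency with `/* auditd is going away: auditd_reset() drops the connection state and moves queued records aside */`. Because this branch is reached from a netlink AUDIT_SET message, it is also worth confirming that auditd_reset() holds queued records rather than discarding them, and that the permission check on AUDIT_SET, which is outside the hunk, covers the pid-0 case. The enclosing audit_receive_msg() starts and ends outside the hunk.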