diff options
| author | Alan Somers <asomers@FreeBSD.org> | 2018-07-03 17:37:16 +0000 |
|---|---|---|
| committer | Alan Somers <asomers@FreeBSD.org> | 2018-07-03 17:37:16 +0000 |
| commit | fb2cd86a54c4f7a45b67835dcf318c676c559014 (patch) | |
| tree | ed6f73278b9fb70c6598bbf42c4d1b2757fe57a0 /contrib/openbsm | |
| parent | c1920558b3c4efbeea4d0c833aa9cb4091533ff1 (diff) | |
| download | src-fb2cd86a54c4f7a45b67835dcf318c676c559014.tar.gz src-fb2cd86a54c4f7a45b67835dcf318c676c559014.zip | |
auditd(8): register signal handlers interrutibly
auditd_wait_for_events() relies on read(2) being interrupted by signals,
but it registers signal handlers with signal(3), which sets SA_RESTART.
That breaks asynchronous signal handling. It means that signals don't
actually get handled until after an audit(8) trigger is received.
Symptoms include:
* Sending SIGTERM to auditd doesn't kill it right away; you must send
SIGTERM and then send a trigger with auditon(2).
* Same with SIGHUP
* Zombie child processes don't get reaped until auditd receives a trigger
sent by auditon. This includes children created by expiring audit trails
at auditd startup.
Fix by using sigaction(2) instead of signal(3).
Cherry pick https://github.com/openbsm/openbsm/commit/d060887
PR: 229381
Reviewed by: cem
Obtained from: OpenBSM
MFC after: 2 weeks
Differential Revision: https://github.com/openbsm/openbsm/pull/36
Notes
Notes:
svn path=/head/; revision=335899
Diffstat (limited to 'contrib/openbsm')
| -rw-r--r-- | contrib/openbsm/bin/auditd/auditd.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 00d38149e580..a165cf314e08 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -415,27 +415,35 @@ close_all(void) static int register_daemon(void) { + struct sigaction action; FILE * pidfile; int fd; pid_t pid; /* Set up the signal hander. */ - if (signal(SIGTERM, auditd_relay_signal) == SIG_ERR) { + action.sa_handler = auditd_relay_signal; + /* + * sa_flags must not include SA_RESTART, so that read(2) will be + * interruptible in auditd_wait_for_events + */ + action.sa_flags = 0; + sigemptyset(&action.sa_mask); + if (sigaction(SIGTERM, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGTERM"); fail_exit(); } - if (signal(SIGCHLD, auditd_relay_signal) == SIG_ERR) { + if (sigaction(SIGCHLD, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGCHLD"); fail_exit(); } - if (signal(SIGHUP, auditd_relay_signal) == SIG_ERR) { + if (sigaction(SIGHUP, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGHUP"); fail_exit(); } - if (signal(SIGALRM, auditd_relay_signal) == SIG_ERR) { + if (sigaction(SIGALRM, &action, NULL) != 0) { auditd_log_err( "Could not set signal handler for SIGALRM"); fail_exit(); |