On 2013-02-09 11:57:32, Steve Grubb wrote: > On Friday, February 08, 2013 07:12:34 PM Tyler Hicks wrote: > > When building with -D_FORTIFY_SOURCE=2 and -W-unused-return, there are a > > number of warnings caused by return values of functions marked with the > > warn_unused_result attribute being ignored. The audit codebase makes an > > attempt to suppress these warnings by casting the return value to void, but > > that does not work when D_FORITY_SOURCE is in use. > > > > Here's an explanation of how this patch fixes the warnings and how the > > potential error conditions are handled: > > > > Errors writing to the auditd pid file should be logged since errors opening > > the pid file are logged. These write() errors aren't treated as fatal. > > > > Problems adjusting auditd's out of memory score should be logged, if simply > > to catch a change to the kernel interface. These errors aren't treated as > > fatal. > > > > Auditd refuses to start when nice() fails during initialization, so it > > should take disk_error_action whenever nice() fails during a reconfigure. > > During a reconfigure, I would not consider this fatal. Its better to stay > running than exit. I'll adjust the patch.
That's probably the best way to go.
Thanks for getting these applied.
Tyler
>
> -Steve
>
> > Failure to chdir("/") while daemonizing should be logged and treated as
> > fatal since errors while redirecting stdin, stdout, and stderr are logged
> > and considered fatal.
> >
> > All nice() return values are handled sufficiently by relying on errno.
> > However, they still throw warnings when D_FORTIFY_SOURCE is used. This patch
> > quiets those warnings by capturing the return value and using it and errno
> > to determine if nice() failed.
> >
> > Failure to adjust audit log file owner (fchown) and permissions (fchmod) are
> > logged and considered fatal when opening the log file for the first time.
> > They are not treated as fatal when the operations fail on during log
> > rotation since we made sure that they file owner and permissions were
> > correct when originally opening the log file.
signature.asc
Description: Digital signature
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
