On 2013-02-09 11:57:32, Steve Grubb wrote:
> On Friday, February 08, 2013 07:12:34 PM Tyler Hicks wrote:
> > When building with -D_FORTIFY_SOURCE=2 and -W-unused-return, there are a
> > number of warnings caused by return values of functions marked with the
> > warn_unused_result attribute being ignored. The audit codebase makes an
> > attempt to suppress these warnings by casting the return value to void, but
> > that does not work when D_FORITY_SOURCE is in use.
> > 
> > Here's an explanation of how this patch fixes the warnings and how the
> > potential error conditions are handled:
> > 
> > Errors writing to the auditd pid file should be logged since errors opening
> > the pid file are logged. These write() errors aren't treated as fatal.
> > 
> > Problems adjusting auditd's out of memory score should be logged, if simply
> > to catch a change to the kernel interface. These errors aren't treated as
> > fatal.
> > 
> > Auditd refuses to start when nice() fails during initialization, so it
> > should take disk_error_action whenever nice() fails during a reconfigure.
> 
> During a reconfigure, I would not consider this fatal. Its better to stay 
> running than exit. I'll adjust the patch.

That's probably the best way to go.

Thanks for getting these applied.

Tyler

> 
> -Steve
> 
> > Failure to chdir("/") while daemonizing should be logged and treated as
> > fatal since errors while redirecting stdin, stdout, and stderr are logged
> > and considered fatal.
> >
> > All nice() return values are handled sufficiently by relying on errno.
> > However, they still throw warnings when D_FORTIFY_SOURCE is used. This patch
> > quiets those warnings by capturing the return value and using it and errno
> > to determine if nice() failed.
> > 
> > Failure to adjust audit log file owner (fchown) and permissions (fchmod) are
> > logged and considered fatal when opening the log file for the first time.
> > They are not treated as fatal when the operations fail on during log
> > rotation since we made sure that they file owner and permissions were
> > correct when originally opening the log file.

Attachment: signature.asc
Description: Digital signature

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to