On Mon, Nov 11, 2013 at 12:21:33PM -0500, Eric Paris wrote: > On Wed, 2013-10-30 at 00:05 +0100, Mateusz Guzik wrote: > > Hello, > > > > I wrote a trivial patch for what I believe is a subsystem you maintain. > > > > I'm sending it privately first to ensure it looks ok at has proper > > recipients (I'm new to linux world, sorry :>). > > > > 'To' would be: [email protected] > > > > The rest is: > > > > From: Mateusz Guzik <[email protected]> > > Date: Tue, 29 Oct 2013 23:51:52 +0100 > > Subject: [PATCH] audit: get rid of *NO* daemon at audit_pid=0 message > > > > kauditd_send_skb is called after audit_pid was checked to be non-zero. > > > > However, it can be set to 0 due to auditd exiting while kauditd_send_skb > > is still executed and this can result in a spurious warning about missing > > auditd. > > > > Re-check audit_pid before printing the message.
I'm ok with this. It can't hurt. I'll queue it. > > Signed-off-by: Mateusz Guzik <[email protected]> > > Cc: Eric Paris <[email protected]> > > Cc: [email protected] > > Acked-by: Eric Paris <[email protected]> > > > kernel/audit.c | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/kernel/audit.c b/kernel/audit.c > > index 7b0e23a..a91a965 100644 > > --- a/kernel/audit.c > > +++ b/kernel/audit.c > > @@ -388,9 +388,11 @@ static void kauditd_send_skb(struct sk_buff *skb) > > err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0); > > if (err < 0) { > > BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */ > > - printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", > > audit_pid); > > - audit_log_lost("auditd disappeared\n"); > > - audit_pid = 0; > > + if (audit_pid) { > > + printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", > > audit_pid); > > + audit_log_lost("auditd disappeared\n"); > > + audit_pid = 0; > > + } > > /* we might get lucky and get this in the next auditd */ > > audit_hold_skb(skb); > > } else > > -- > > 1.8.3.1 > > > > Is this ok? > > > > Thanks, - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
