Re: [PATCH] fixup! audit: try harder to send to auditd upon netlink failure
From: Richard Guy Briggs
Date: Sat Sep 19 2015 - 17:52:47 EST
On 15/09/18, Paul Moore wrote:
> On Friday, September 18, 2015 03:52:43 AM Richard Guy Briggs wrote:
> > A bug was introduced by "audit: try harder to send to auditd upon
> > netlink failure", caused by incomplete code and a function that expects
> > a string and does not accept a format plus arguments. Create a
> > temporary string variable to assemble the output text. It could be
> > merged as a fixup if it is not yet upstream.
>
> Ungh, that's embarrassing; I really should have caught that in review. Sigh.
> At least it shouldn't cause anything to blow up, just a less than helpful
> message.
Yup, just useless noise.
> I pulled the original patch from linux-audit#next just now, I'll re-add it
> once we sort this out.
Ok...
> Comments below ...
Likewise...
> > Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> > ---
> > kernel/audit.c | 5 ++++-
> > 1 files changed, 4 insertions(+), 1 deletions(-)
> >
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 18cdfe2..60913e6 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -420,7 +420,10 @@ restart:
> > if (audit_pid) {
> > if (err == -ECONNREFUSED || err == -EPERM
> >
> > || ++attempts >= AUDITD_RETRIES) {
> >
> > - audit_log_lost("audit_pid=%d reset");
> > + char s[32];
> > +
> > + sprintf(s, "audit_pid=%d reset", audit_pid);
> > + audit_log_lost(s);
>
> Granted 32 bytes should be big enough for the string, but I would feel better
> if we used snprintf() here; make the change and I'll merge the patch with the
> original and push it back to linux-audit#next.
Done...
> Normally I'm not a big fan of amending patches after they have been committed,
> but in this case it is in the next branch (doing this for upstream or stable-X
> is a big "no") and nothing sits on top of it.
That's the only reason I suggested it...
> > audit_pid = 0;
> > audit_sock = NULL;
> > } else {
>
> paul moore
- RGB
--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/