Ignore SIGSYS when BSM is compiled in. Otherwise, attempt to invoke su on
system that don't have audit framefork compiled into kernel or ia32 binary
on amd64 system will result in SIGSYS. There is one place in su.c itself
where it tries to check for errno != ENOSYS, but it has been a nop since su
does not catch SIGSYS anyway. There are few other places in libbsm,
where attempt to invoke audit syscal would result in SIGSYS if no audit
support is present in the kernel, so that the only reliable method for
now is to disable SIGSYS completely in the case when BSM is compiled in.
In the long run, both direct invocation of audit-related syscalls and
libbsm should be made more intellegent to handle the case when BSM is not
compiled into the kernel gracefully.
MFC after: 3 days
(provided re@ approval)
This commit is contained in:
sobomax
parent
b55d55f173
commit
1d06416b30
@ -173,6 +173,8 @@ main(int argc, char *argv[])
|
||||
#ifdef USE_BSM_AUDIT
|
||||
const char *aerr;
|
||||
au_id_t auid;
|
||||
|
||||
signal(SIGSYS, SIG_IGN);
|
||||
#endif
|
||||
|
||||
shell = class = cleanenv = NULL;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user