726c74451f
auditd_wait_for_events() relies on read(2) being interrupted by signals, but it registers signal handlers with signal(3), which sets SA_RESTART. That breaks asynchronous signal handling. It means that signals don't actually get handled until after an audit(8) trigger is received. Symptoms include:

* Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2).
* Same with SIGHUP
* Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup.

Fix by using sigaction(2) instead of signal(3).

Cherry pick https://github.com/openbsm/openbsm/commit/d060887

PR: 229381
Reviewed by: cem
Obtained from: OpenBSM
MFC after: 2 weeks
Differential Revision: https://github.com/openbsm/openbsm/pull/36

||
---|---|---|
.. | ||
audit_triggers.defs | ||
audit_warn.c | ||
auditd_control.defs | ||
auditd_darwin.c | ||
auditd_fbsd.c | ||
auditd.8 | ||
auditd.c | ||
auditd.h | ||
Makefile.am | ||
Makefile.in |