svn commit: r243723 - head/sys/security/audit
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri Nov 30 23:03:52 UTC 2012
Author: pjd
Date: Fri Nov 30 23:03:51 2012
New Revision: 243723
URL: http://svnweb.freebsd.org/changeset/base/243723
Log:
IFp4 @208383:
Currently when we discover that trail file is greater than configured
limit we send AUDIT_TRIGGER_ROTATE_KERNEL trigger to the auditd daemon
once. If for some reason auditd didn't rotate trail file it will never
be rotated.
Change it by sending the trigger when trail file size grows by the
configured limit. For example if the limit is 1MB, we will send trigger
on 1MB, 2MB, 3MB, etc.
This is also needed for the auditd change that will be committed soon
where auditd may ignore the trigger - it might be ignored if kernel
requests the trail file to be rotated too quickly (often than once a second)
which would result in overwriting previous trail file.
Sponsored by: FreeBSD Foundation (auditdistd)
MFC after: 2 weeks
Modified:
head/sys/security/audit/audit_worker.c
Modified: head/sys/security/audit/audit_worker.c
==============================================================================
--- head/sys/security/audit/audit_worker.c Fri Nov 30 22:59:20 2012 (r243722)
+++ head/sys/security/audit/audit_worker.c Fri Nov 30 23:03:51 2012 (r243723)
@@ -189,11 +189,11 @@ audit_record_write(struct vnode *vp, str
* to the daemon. This is only approximate, which is fine as more
* records may be generated before the daemon rotates the file.
*/
- if ((audit_fstat.af_filesz != 0) && (audit_file_rotate_wait == 0) &&
- (audit_size >= audit_fstat.af_filesz)) {
+ if (audit_fstat.af_filesz != 0 &&
+ audit_size >= audit_fstat.af_filesz * (audit_file_rotate_wait + 1)) {
AUDIT_WORKER_LOCK_ASSERT();
- audit_file_rotate_wait = 1;
+ audit_file_rotate_wait++;
(void)audit_send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL);
}
More information about the svn-src-all
mailing list