summaryrefslogtreecommitdiff
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-07-02 14:08:48 +0100
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-07-02 14:08:48 +0100
commitac4cec443a80bfde829516e7a7db10f7325aa528 (patch)
tree599801be12aa415d1c734cde37b1c2378fc6fe98 /kernel/auditsc.c
parent7b430437c0de81681ecfa8efa8f55823df733529 (diff)
downloadlwn-ac4cec443a80bfde829516e7a7db10f7325aa528.tar.gz
lwn-ac4cec443a80bfde829516e7a7db10f7325aa528.zip
AUDIT: Stop waiting for backlog after audit_panic() happens
We force a rate-limit on auditable events by making them wait for space on the backlog queue. However, if auditd really is AWOL then this could potentially bring the entire system to a halt, depending on the audit rules in effect. Firstly, make sure the wait time is honoured correctly -- it's the maximum time the process should wait, rather than the time to wait _each_ time round the loop. We were getting re-woken _each_ time a packet was dequeued, and the timeout was being restarted each time. Secondly, reset the wait time after audit_panic() is called. In general this will be reset to zero, to allow progress to be made. If the system is configured to _actually_ panic on audit_panic() then that will already have happened; otherwise we know that audit records are being lost anyway. These two tunables can't be exposed via AUDIT_GET and AUDIT_SET because those aren't particularly well-designed. It probably should have been done by sysctls or sysfs anyway -- one for a later patch. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel/auditsc.c')
0 files changed, 0 insertions, 0 deletions