summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2017-06-12 11:53:09 -0400
committerPaul Moore <paul@paul-moore.com>2017-06-16 11:51:00 -0400
commitcd33f5f2cbfaadc21270f3ddac7c3c33e0a1a28c (patch)
tree3be1a586eff217110d3be300432b81aa63c71dff
parentc81be52a3ac0267aa830a2c4cb769030ea3483c9 (diff)
audit: make sure we never skip the multicast broadcast
When the auditd connection is reset, either intentionally or due to a failure, any records that were in the main backlog queue would not be sent in a multicast broadcast. This patch fixes this problem by not flushing the main backlog queue on a connection reset, the main kauditd_thread() will take care of that normally. Resolves: https://github.com/linux-audit/audit-kernel/issues/41 Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--kernel/audit.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index e1e2b3abfb93..7cad70214b81 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -605,11 +605,10 @@ static void auditd_reset(const struct auditd_connection *ac)
if (ac_old)
call_rcu(&ac_old->rcu, auditd_conn_free);
- /* flush all of the main and retry queues to the hold queue */
+ /* flush the retry queue to the hold queue, but don't touch the main
+ * queue since we need to process that normally for multicast */
while ((skb = skb_dequeue(&audit_retry_queue)))
kauditd_hold_skb(skb);
- while ((skb = skb_dequeue(&audit_queue)))
- kauditd_hold_skb(skb);
}
/**