diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2013-09-18 11:55:12 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2014-01-13 22:28:45 -0500 |
| commit | 51cc83f024ee51de9da70c17e01ec6de524f5906 (patch) | |
| tree | 65836321a3abcd33bb913675904fde92a09df326 /kernel/audit.c | |
| parent | 09f883a9023e7a86f92c731e80f30a9447f4bdbe (diff) | |
audit: add audit_backlog_wait_time configuration option
reaahead-collector abuses the audit logging facility to discover which files
are accessed at boot time to make a pre-load list
Add a tuning option to audit_backlog_wait_time so that if auditd can't keep up,
or gets blocked, the callers won't be blocked.
Bump audit_status API version to "2".
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 80b7de02947b..37ba59936dc5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -334,6 +334,12 @@ static int audit_set_backlog_limit(int limit) return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); } +static int audit_set_backlog_wait_time(int timeout) +{ + return audit_do_config_change("audit_backlog_wait_time", + &audit_backlog_wait_time, timeout); +} + static int audit_set_enabled(int state) { int rc; @@ -778,7 +784,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) s.backlog_limit = audit_backlog_limit; s.lost = atomic_read(&audit_lost); s.backlog = skb_queue_len(&audit_skb_queue); - s.version = 1; + s.version = 2; + s.backlog_wait_time = audit_backlog_wait_time; audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); break; @@ -812,8 +819,28 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (err < 0) return err; } - if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) + if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) { err = audit_set_backlog_limit(s.backlog_limit); + if (err < 0) + return err; + } + switch (s.version) { + /* add future vers # cases immediately below and allow + * to fall through */ + case 2: + if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) { + if (sizeof(s) > (size_t)nlh->nlmsg_len) + return -EINVAL; + if (s.backlog_wait_time < 0 || + s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME) + return -EINVAL; + err = audit_set_backlog_wait_time(s.backlog_wait_time); + if (err < 0) + return err; + } + default: + break; + } break; } case AUDIT_GET_FEATURE: |