summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2013-09-18 15:55:12 (GMT)
committerEric Paris <eparis@redhat.com>2014-01-14 03:28:45 (GMT)
commit51cc83f024ee51de9da70c17e01ec6de524f5906 (patch)
tree65836321a3abcd33bb913675904fde92a09df326
parent09f883a9023e7a86f92c731e80f30a9447f4bdbe (diff)
downloadlinux-51cc83f024ee51de9da70c17e01ec6de524f5906.tar.xz
audit: add audit_backlog_wait_time configuration option
reaahead-collector abuses the audit logging facility to discover which files are accessed at boot time to make a pre-load list Add a tuning option to audit_backlog_wait_time so that if auditd can't keep up, or gets blocked, the callers won't be blocked. Bump audit_status API version to "2". Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--include/uapi/linux/audit.h2
-rw-r--r--kernel/audit.c31
2 files changed, 31 insertions, 2 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 4fdedd4..14afb0d 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -319,6 +319,7 @@ enum {
#define AUDIT_STATUS_PID 0x0004
#define AUDIT_STATUS_RATE_LIMIT 0x0008
#define AUDIT_STATUS_BACKLOG_LIMIT 0x0010
+#define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020
/* Failure-to-log actions */
#define AUDIT_FAIL_SILENT 0
#define AUDIT_FAIL_PRINTK 1
@@ -377,6 +378,7 @@ struct audit_status {
__u32 lost; /* messages lost */
__u32 backlog; /* messages waiting in queue */
__u32 version; /* audit api version number */
+ __u32 backlog_wait_time;/* message queue wait timeout */
};
struct audit_features {
diff --git a/kernel/audit.c b/kernel/audit.c
index 80b7de0..37ba599 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -334,6 +334,12 @@ static int audit_set_backlog_limit(int limit)
return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit);
}
+static int audit_set_backlog_wait_time(int timeout)
+{
+ return audit_do_config_change("audit_backlog_wait_time",
+ &audit_backlog_wait_time, timeout);
+}
+
static int audit_set_enabled(int state)
{
int rc;
@@ -778,7 +784,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
s.backlog_limit = audit_backlog_limit;
s.lost = atomic_read(&audit_lost);
s.backlog = skb_queue_len(&audit_skb_queue);
- s.version = 1;
+ s.version = 2;
+ s.backlog_wait_time = audit_backlog_wait_time;
audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
&s, sizeof(s));
break;
@@ -812,8 +819,28 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if (err < 0)
return err;
}
- if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT)
+ if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) {
err = audit_set_backlog_limit(s.backlog_limit);
+ if (err < 0)
+ return err;
+ }
+ switch (s.version) {
+ /* add future vers # cases immediately below and allow
+ * to fall through */
+ case 2:
+ if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) {
+ if (sizeof(s) > (size_t)nlh->nlmsg_len)
+ return -EINVAL;
+ if (s.backlog_wait_time < 0 ||
+ s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME)
+ return -EINVAL;
+ err = audit_set_backlog_wait_time(s.backlog_wait_time);
+ if (err < 0)
+ return err;
+ }
+ default:
+ break;
+ }
break;
}
case AUDIT_GET_FEATURE: