audit: handle a clean auditd shutdown with grace

When auditd stops cleanly it sets 'auditd_pid' to 0 with an AUDIT_SET message, in this case we should reset our backlog queues via the auditd_reset() function. This patch also adds a 'auditd_pid' check to the top of kauditd_send_unicast_skb() so we can fail quicker. Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2016-11-29 16:53:26 -0500
committer: Paul Moore <paul@paul-moore.com> 2016-12-14 13:06:04 -0500
commit: 6c54e7899693dee3db67ea996e9be0e10f67920f (patch)
tree: da2218357864e7fcb1e111d913e27d5b3c5f3bed
parent: e1d166212894d9d959a601c4802882b877bb420a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 0572e5dcfda7..b447a6b1fdc8 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -468,6 +468,10 @@ static int kauditd_send_unicast_skb(struct sk_buff *skb)
 {
        int rc;
+        /* if we know nothing is connected, don't even try the netlink call */
+        if (!audit_pid)
+                return -ECONNREFUSED;
        /* get an extra skb reference in case we fail to send */
        skb_get(skb);
        rc = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
@@ -1009,6 +1013,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        audit_pid = new_pid;
                        audit_nlk_portid = NETLINK_CB(skb).portid;
                        audit_sock = skb->sk;
+                        if (!new_pid)
+                                auditd_reset();
                        wake_up_interruptible(&kauditd_wait);
                }
                if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
author	Paul Moore <paul@paul-moore.com>	2016-11-29 16:53:26 -0500
committer	Paul Moore <paul@paul-moore.com>	2016-12-14 13:06:04 -0500
commit	6c54e7899693dee3db67ea996e9be0e10f67920f (patch)
tree	da2218357864e7fcb1e111d913e27d5b3c5f3bed
parent	e1d166212894d9d959a601c4802882b877bb420a (diff)