AUDIT: Wait for backlog to clear when generating messages.

Add a gfp_mask to audit_log_start() and audit_log(), to reduce the amount of GFP_ATOMIC allocation -- most of it doesn't need to be GFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to 60 seconds for the auditd backlog to clear instead of immediately abandoning the message. The timeout should probably be made configurable, but for now it'll suffice that it only happens if auditd is actually running. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
author: David Woodhouse <dwmw2@shinybook.infradead.org> 2005-06-22 10:04:33 -0400
committer: David Woodhouse <dwmw2@shinybook.infradead.org> 2005-06-22 10:04:33 -0400
commit: 9ad9ad385be27fcc7c16d290d972c6173e780a61 (patch)
tree: bbca700c2d88ba421a6c9c348de367eaf4de0e2c /security/selinux/ss/services.c
parent: 177bbc733a1d9c935bc3d6efd776a6699b29b1ca (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b6149147d5cb..2947cf85dc56 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
                goto out;
        if (context_struct_to_string(tcontext, &t, &tlen) < 0)
                goto out;
-        audit_log(current->audit_context, AUDIT_SELINUX_ERR,
+        audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
                  "security_validate_transition:  denied for"
                  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
                  o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
                goto out;
        if (context_struct_to_string(newcontext, &n, &nlen) < 0)
                goto out;
-        audit_log(current->audit_context, AUDIT_SELINUX_ERR,
+        audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
                  "security_compute_sid:  invalid context %s"
                  " for scontext=%s"
                  " tcontext=%s"
author	David Woodhouse <dwmw2@shinybook.infradead.org>	2005-06-22 10:04:33 -0400
committer	David Woodhouse <dwmw2@shinybook.infradead.org>	2005-06-22 10:04:33 -0400
commit	9ad9ad385be27fcc7c16d290d972c6173e780a61 (patch)
tree	bbca700c2d88ba421a6c9c348de367eaf4de0e2c /security/selinux/ss/services.c
parent	177bbc733a1d9c935bc3d6efd776a6699b29b1ca (diff)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index b6149147d5cb..2947cf85dc56 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
365	goto out;	365	goto out;
366	if (context_struct_to_string(tcontext, &t, &tlen) < 0)	366	if (context_struct_to_string(tcontext, &t, &tlen) < 0)
367	goto out;	367	goto out;
368	audit_log(current->audit_context, AUDIT_SELINUX_ERR,	368	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
369	"security_validate_transition: denied for"	369	"security_validate_transition: denied for"
370	" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",	370	" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
371	o, n, t, policydb.p_class_val_to_name[tclass-1]);	371	o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
742	goto out;	742	goto out;
743	if (context_struct_to_string(newcontext, &n, &nlen) < 0)	743	if (context_struct_to_string(newcontext, &n, &nlen) < 0)
744	goto out;	744	goto out;
745	audit_log(current->audit_context, AUDIT_SELINUX_ERR,	745	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
746	"security_compute_sid: invalid context %s"	746	"security_compute_sid: invalid context %s"
747	" for scontext=%s"	747	" for scontext=%s"
748	" tcontext=%s"	748	" tcontext=%s"