From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tony Jones <tonyj@suse.de>
Subject: PATCH: ausearch doesn't correcly act as a filter when no EOF on
	input
Date: Mon, 17 Nov 2008 16:17:54 -0800
Message-ID: <20081118001753.GA10221@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

This was filed as a bug in our bugzilla.

works : cat /var/log/audit/audit.log | ausearch -i -if /dev/stdin | cat
doesnt: tail -f /var/log/audit/audit.log | ausearch -i -if /dev/stdin | cat

Obviously it's a contrived example, they have more interesting processes each
side of the filter.   Issue is that tail -f never indicates EOF and if ausearch
stdout is a pipe (versus a file), the output can remain queued in the pipebuf.

Following patch fixes it, or a simpler patch could unconditionally flush stdout.

I've not looked for similar issues elsewhere.

Tony


--- ausearch.c.old	2008-11-17 15:55:47.000000000 -0800
+++ ausearch.c	2008-11-17 16:06:54.000000000 -0800
@@ -58,11 +58,11 @@
 extern int match(llist *l);
 extern void output_record(llist *l);
 
-static int input_is_pipe(void)
+static int is_pipe(int fd)
 {
 	struct stat st;
 
-	if (fstat(0, &st) == 0) {
+	if (fstat(fd, &st) == 0) {
 		if (S_ISFIFO(st.st_mode)) 
 			pipe_mode = 1;
 	}
@@ -92,7 +92,7 @@
 		rc = process_file(user_file);
 	else if (force_logs)
 		rc = process_logs();
-	else if (input_is_pipe())
+	else if (is_pipe(0))
 		rc = process_stdin();
 	else
 		rc = process_logs();
@@ -175,6 +175,7 @@
 {
 	llist entries; // entries in a record
 	int ret;
+	int flush = is_pipe(1);
 
 	/* For each record in file */
 	list_create(&entries);
@@ -185,6 +186,8 @@
 		}
 		if (match(&entries)) {
 			output_record(&entries);
+			if (flush) 
+				fflush(stdout);
 			found = 1;
 			if (just_one) {
 				list_clear(&entries);