On 2013-02-09 11:57:32, Steve Grubb wrote: > On Friday, February 08, 2013 07:12:34 PM Tyler Hicks wrote: > > When building with -D_FORTIFY_SOURCE=2 and -W-unused-return, there are a > > number of warnings caused by return values of functions marked with the > > warn_unused_result attribute being ignored. The audit codebase makes an > > attempt to suppress these warnings by casting the return value to void, but > > that does not work when D_FORITY_SOURCE is in use. > > > > Here's an explanation of how this patch fixes the warnings and how the > > potential error conditions are handled: > > > > Errors writing to the auditd pid file should be logged since errors opening > > the pid file are logged. These write() errors aren't treated as fatal. > > > > Problems adjusting auditd's out of memory score should be logged, if simply > > to catch a change to the kernel interface. These errors aren't treated as > > fatal. > > > > Auditd refuses to start when nice() fails during initialization, so it > > should take disk_error_action whenever nice() fails during a reconfigure. > > During a reconfigure, I would not consider this fatal. Its better to stay > running than exit. I'll adjust the patch. That's probably the best way to go. Thanks for getting these applied. Tyler > > -Steve > > > Failure to chdir("/") while daemonizing should be logged and treated as > > fatal since errors while redirecting stdin, stdout, and stderr are logged > > and considered fatal. > > > > All nice() return values are handled sufficiently by relying on errno. > > However, they still throw warnings when D_FORTIFY_SOURCE is used. This patch > > quiets those warnings by capturing the return value and using it and errno > > to determine if nice() failed. > > > > Failure to adjust audit log file owner (fchown) and permissions (fchmod) are > > logged and considered fatal when opening the log file for the first time. > > They are not treated as fatal when the operations fail on during log > > rotation since we made sure that they file owner and permissions were > > correct when originally opening the log file.