From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753731AbbIRUeB (ORCPT ); Fri, 18 Sep 2015 16:34:01 -0400 Received: from mx1.redhat.com ([209.132.183.28]:53090 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753112AbbIRUeA (ORCPT ); Fri, 18 Sep 2015 16:34:00 -0400 From: Paul Moore To: Richard Guy Briggs Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, sgrubb@redhat.com, eparis@redhat.com, v.rathor@gmail.com, ctcard@hotmail.com Subject: Re: [PATCH] fixup! audit: try harder to send to auditd upon netlink failure Date: Fri, 18 Sep 2015 16:33:59 -0400 Message-ID: <1569995.Ps6FDGqW2H@sifl> Organization: Red Hat User-Agent: KMail/4.14.10 (Linux/4.1.5-gentoo; KDE/4.14.12; x86_64; ; ) In-Reply-To: <89a693758cd8f511892fe54c2e4aaf2cfca89e89.1442562580.git.rgb@redhat.com> References: <89a693758cd8f511892fe54c2e4aaf2cfca89e89.1442562580.git.rgb@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Friday, September 18, 2015 03:52:43 AM Richard Guy Briggs wrote: > A bug was introduced by "audit: try harder to send to auditd upon > netlink failure", caused by incomplete code and a function that expects > a string and does not accept a format plus arguments. Create a > temporary string variable to assemble the output text. It could be > merged as a fixup if it is not yet upstream. Ungh, that's embarrassing; I really should have caught that in review. Sigh. At least it shouldn't cause anything to blow up, just a less than helpful message. I pulled the original patch from linux-audit#next just now, I'll re-add it once we sort this out. Comments below ... > Signed-off-by: Richard Guy Briggs > --- > kernel/audit.c | 5 ++++- > 1 files changed, 4 insertions(+), 1 deletions(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index 18cdfe2..60913e6 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -420,7 +420,10 @@ restart: > if (audit_pid) { > if (err == -ECONNREFUSED || err == -EPERM > > || ++attempts >= AUDITD_RETRIES) { > > - audit_log_lost("audit_pid=%d reset"); > + char s[32]; > + > + sprintf(s, "audit_pid=%d reset", audit_pid); > + audit_log_lost(s); Granted 32 bytes should be big enough for the string, but I would feel better if we used snprintf() here; make the change and I'll merge the patch with the original and push it back to linux-audit#next. Normally I'm not a big fan of amending patches after they have been committed, but in this case it is in the next branch (doing this for upstream or stable-X is a big "no") and nothing sits on top of it. > audit_pid = 0; > audit_sock = NULL; > } else { -- paul moore security @ redhat