rpms/audit
6
0
Fork 0
Code Issues Pull Requests Releases Activity

ausearch-checkpoint race condition fix

Browse Source 
Resolves: RHEL-86896
This commit is contained in:
Cropi 2025-04-11 13:39:08 +02:00
parent 93d73cb474
commit 097a710882
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
audit.spec
View File

@ -2,7 +2,7 @@
Summary: User space tools for kernel auditing Summary: User space tools for kernel auditing
Name: audit Name: audit
Version: 4.0.3 Version: 4.0.3
Release: 3%{?dist} Release: 4%{?dist}
License: GPL-2.0-or-later AND LGPL-2.0-or-later License: GPL-2.0-or-later AND LGPL-2.0-or-later
URL: https://github.com/linux-audit/audit-userspace/ URL: https://github.com/linux-audit/audit-userspace/
Source0: https://github.com/linux-audit/audit-userspace/archive/refs/tags/v%{version}.tar.gz Source0: https://github.com/linux-audit/audit-userspace/archive/refs/tags/v%{version}.tar.gz
@ -19,6 +19,7 @@ Patch3: warning-before-HALT.patch
Patch4: TTY-hostname.patch Patch4: TTY-hostname.patch
Patch5: permtab-unsupport-syscalls-v1.patch Patch5: permtab-unsupport-syscalls-v1.patch
Patch6: permtab-unsupport-syscalls-v2.patch Patch6: permtab-unsupport-syscalls-v2.patch
Patch7: ausearch-checkpoint-race.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Recommends: %{name}-rules%{?_isa} = %{version}-%{release} Recommends: %{name}-rules%{?_isa} = %{version}-%{release}
@ -112,6 +113,7 @@ The audit rules package contains the rules and utilities to load audit rules.
%patch -P 4 -p1 %patch -P 4 -p1
%patch -P 5 -p1 %patch -P 5 -p1
%patch -P 6 -p1 %patch -P 6 -p1
%patch -P 7 -p1
cp %{SOURCE1} . cp %{SOURCE1} .
%build %build
@ -313,6 +315,10 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog %changelog
* Fri Apr 11 2025 Attila Lakatos <alakatos@redhat.com> - 4.0.3-4
- ausearch-checkpoint race condition fix
Resolves: RHEL-86896
* Fri Apr 04 2025 Attila Lakatos <alakatos@redhat.com> - 4.0.3-3 * Fri Apr 04 2025 Attila Lakatos <alakatos@redhat.com> - 4.0.3-3
- Adjust dependency between audit and audit-rules - Adjust dependency between audit and audit-rules
Resolves: RHEL-77141 Resolves: RHEL-77141

35
ausearch-checkpoint-race.patch Normal file
View File

@ -0,0 +1,35 @@
diff --git a/src/ausearch.c b/src/ausearch.c
index 3bf95b5a..cf77ba14 100644
--- a/src/ausearch.c
+++ b/src/ausearch.c
@@ -464,6 +464,17 @@ static int process_log_fd(void)
if ((ret != 0)||(entries->cnt == 0))
break;
+ /*
+ * If we are checkpointing, decide if we output this event.
+ * We need to do it as early as here. The chkpt_input_levent event
+ * might not match the entries, so we need to ensure that we don't
+ * skip the event that is the checkpoint event. That is the marking point
+ * from which we start outputting events. Leaving that event out will produce
+ * empty results.
+ */
+ if (checkpt_filename)
+ do_output = chkpt_output_decision(&entries->e);
+
/*
* We flush all events on the last log file being processed.
* Thus incomplete events are 'carried forward' to be
@@ -471,12 +482,6 @@ static int process_log_fd(void)
* in the next file we are about to process.
*/
if (match(entries)) {
- /*
- * If we are checkpointing, decide if we output
- * this event
- */
- if (checkpt_filename)
- do_output = chkpt_output_decision(&entries->e);
if (do_output == 1) {
found = 1;