rpms/audit
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Auditd is stopping during upgrade (bz 2259610)

Browse Source
This commit is contained in:
Steve Grubb 2024-01-24 10:01:45 -05:00
parent 6bfe2081f1
commit 12a69cde63
2 changed files with 69 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
audit-4.0-attributes.patch Normal file
View File

@ -0,0 +1,45 @@
From 0db6e0960a5c55b468f21f9841bbc7e67832b66a Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Wed, 17 Jan 2024 12:07:25 -0500
Subject: [PATCH] Update function attributes
---
auparse/auparse.h | 2 +-
lib/libaudit.h | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/auparse/auparse.h b/auparse/auparse.h
index c27f1ff96..0b3f68c35 100644
--- a/auparse/auparse.h
+++ b/auparse/auparse.h
@@ -68,7 +68,7 @@ void auparse_add_callback(auparse_state_t *au, auparse_callback_ptr callback,
void *user_data, user_destroy user_destroy_func);
void auparse_set_escape_mode(auparse_state_t *au, auparse_esc_t mode);
int auparse_reset(auparse_state_t *au);
-char *auparse_metrics(const auparse_state_t *au);
+char *auparse_metrics(const auparse_state_t *au) __attr_dealloc_free;
/* Functions that are part of the search interface */
int ausearch_add_expression(auparse_state_t *au, const char *expression,
diff --git a/lib/libaudit.h b/lib/libaudit.h
index 34b337a7c..15ea2e6f4 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -248,12 +248,12 @@ int audit_set_enabled(int fd, uint32_t enabled) __wur;
int audit_set_failure(int fd, uint32_t failure) __wur;
int audit_set_rate_limit(int fd, uint32_t limit);
int audit_set_backlog_limit(int fd, uint32_t limit);
-int audit_set_backlog_wait_time(int fd, uint32_t bwt);
-int audit_reset_lost(int fd);
-int audit_reset_backlog_wait_time_actual(int fd);
+int audit_set_backlog_wait_time(int fd, uint32_t bwt);
+int audit_reset_lost(int fd);
+int audit_reset_backlog_wait_time_actual(int fd);
int audit_set_feature(int fd, unsigned feature, unsigned value,
- unsigned lock);
-int audit_set_loginuid_immutable(int fd);
+ unsigned lock) __wur;
+int audit_set_loginuid_immutable(int fd) __wur;
/* AUDIT_LIST_RULES */
int audit_request_rules_list_data(int fd);

37
audit.spec
View File

@ -2,12 +2,12 @@
Summary: User space tools for kernel auditing Summary: User space tools for kernel auditing
Name: audit Name: audit
Version: 4.0 Version: 4.0
Release: 3%{?dist} Release: 4%{?dist}
License: GPL-2.0-or-later AND LGPL-2.0-or-later License: GPL-2.0-or-later AND LGPL-2.0-or-later
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch1: audit-4.0-attributes.patch
BuildRequires: make gcc BuildRequires: make gcc
BuildRequires: kernel-headers >= 5.0 BuildRequires: kernel-headers >= 5.0
BuildRequires: systemd BuildRequires: systemd
@ -96,6 +96,7 @@ The audit rules package contains the rules and utilities to load audit rules.
%prep %prep
%setup -q %setup -q
%patch 1 -p1
cp %{SOURCE1} . cp %{SOURCE1} .
# Remove the ids code, its not ready # Remove the ids code, its not ready
@ -137,8 +138,20 @@ rm -f rules/Makefile*
%post %post
%systemd_post auditd.service %systemd_post auditd.service
# If an upgrade, restart it if it's running
if [ $1 -eq 2 ]; then
state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
if [ $state = "active" ] ; then
auditctl --signal stop || true
systemctl start auditd
fi
# if an install, start it since preset says we should be running
elif [ $1 -eq 1 ]; then
systemctl start auditd
fi
%post rules %post rules
%systemd_post audit-rules.service
# Copy default rules into place on new installation # Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then if [ "$files" -eq 0 ] ; then
@ -154,31 +167,26 @@ if [ "$files" -eq 0 ] ; then
else else
touch /etc/audit/rules.d/audit.rules touch /etc/audit/rules.d/audit.rules
fi fi
# Fix up permissions
chmod 0600 /etc/audit/rules.d/audit.rules chmod 0600 /etc/audit/rules.d/audit.rules
# Make the new rules active
augenrules --load
fi fi
%systemd_post audit-rules.service
%preun %preun
%systemd_preun auditd.service %systemd_preun auditd.service
# If uninstalling, stop it
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
auditctl --signal stop auditctl --signal stop || true
fi fi
%preun rules %preun rules
%systemd_preun audit-rules.service %systemd_preun audit-rules.service
# If uninstalling, delete the rules loaded in the kernel
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
auditctl -D > /dev/null 2>&1 auditctl -D > /dev/null 2>&1
fi fi
%postun
if [ $1 -ge 1 ]; then
state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
if [ $state = "active" ] ; then
auditctl --signal stop
systemctl start auditd
fi
fi
%files libs %files libs
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license lgpl-2.1.txt %license lgpl-2.1.txt
@ -278,6 +286,9 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog %changelog
* Wed Jan 24 2024 Steve Grubb <sgrubb@redhat.com> 4.0-4
- Auditd is stopping during upgrade (bz 2259610)
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-3 * Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild