From: Doug Barton
Date: Wed, 06 Dec 2006 15:55:22 -0800
To: Robert Watson
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc/rc.d auditd

Robert Watson wrote:
>
> On Wed, 6 Dec 2006, Doug Barton wrote:
>
>>> Sleep for one second after calling audit -t to give the audit daemon a
>>> chance to actually terminate the audit service and exit. Otherwise, on
>>> an rc.d/auditd restart, the new audit daemon instance may try to start
>>> auditing while the previous session is still running. Likewise, this
>>> ensures a chance for auditd to terminate the audit trail at system
>>> shutdown.
>>>
>>> Perhaps more ideally, the script would wait synchronously for auditd to
>>> exit rather than for an arbitrary but short period of time.
>>
>> Perhaps a better change would be:
>>
>> /usr/sbin/audit -t
>> while : ; do).
>>     if ; then
>>         echo 'Waiting for the audit system to terminate'
>>         sleep 1
>>     else
>>         break
>>     fi
>> done
>
> Is there a built-in mechanism in rc.d to wait for a process to exit?

There is wait_for_pids(), which combined with pgrep could possibly
work for you. Since I wasn't sure what your parameters are, the
mechanism above is generic enough to work with anything.

> We'd like to wait for auditd to exit, specifically, as a sign that
> auditing really is terminated.

Then what you probably want (untested) is something like

    /usr/sbin/audit -t
    wait_for_pids `pgrep -d' ' auditd`

hth,

Doug

--
    This .signature sanitized for your protection
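
A bounded form of the synchronous wait discussed in this thread, as an added example that is not part of the original message and not code from rc.subr. `wait_for_exit` is a hypothetical helper name; it polls the given PIDs with `kill -0` and gives up after a timeout, and it treats an empty PID list (pgrep found no auditd) as "already terminated".

```shell
#!/bin/sh
# Added example. wait_for_exit is a hypothetical helper, not rc.subr code.
#
# Usage: wait_for_exit TIMEOUT_SECONDS [PID ...]
# Returns 0 once none of the PIDs exists (or none were given),
# returns 1 if any PID is still present after TIMEOUT_SECONDS.
wait_for_exit() {
    timeout=$1
    shift
    waited=0
    while [ $# -gt 0 ]; do
        alive=""
        for pid in "$@"; do
            # kill -0 delivers no signal; it only tests that the PID exists.
            if kill -0 "$pid" 2>/dev/null; then
                alive="$alive $pid"
            fi
        done
        # Every process is gone: the daemon really has terminated.
        [ -z "$alive" ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "timed out waiting for PIDs:$alive" >&2
            return 1
        fi
        # Keep polling only the survivors.
        set -- $alive
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# How it would slot into the stop sequence from the thread (assumed
# 30 second limit; left commented out because it needs auditd):
#   /usr/sbin/audit -t
#   wait_for_exit 30 `pgrep -d' ' auditd` || echo 'auditd did not exit' >&2

# Constructed demo: a short-lived background job stands in for auditd.
sleep 1 &
wait_for_exit 5 $! && echo 'process exited'
```

Matching by name with pgrep can pick up an unrelated process that happens to be called auditd; where the daemon writes a pidfile, passing that PID instead narrows the wait to the intended process.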