Date:      Wed, 6 Dec 2006 23:32:37 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc/rc.d auditd
Message-ID:  <20061206233112.X65418@fledge.watson.org>
In-Reply-To: <45775157.4030900@FreeBSD.org>
References:  <200609241731.k8OHV5mZ053132@repoman.freebsd.org> <45775157.4030900@FreeBSD.org>

On Wed, 6 Dec 2006, Doug Barton wrote:

>>   Sleep for one second after calling audit -t to give the audit daemon a
>>   chance to actually terminate the audit service and exit.  Otherwise, on
>>   an rc.d/auditd restart, the new audit daemon instance may try to start
>>   auditing while the previous session is still running.  Likewise, this
>>   ensures a chance for auditd to terminate the audit trail at system
>>   shutdown.
>>
>>   Perhaps more ideally, the script would wait synchronously for auditd to
>>   exit rather than for an arbitrary but short period of time.
>
> Perhaps a better change would be:
>
> /usr/sbin/audit -t
> while : ; do
> 	if <something that indicates audit is not dead yet>; then
> 		echo 'Waiting for the audit system to terminate'
> 		sleep 1
> 	else
> 		break
> 	fi
> done

Is there a built-in mechanism in rc.d to wait for a process to exit?  We'd 
like to wait for auditd to exit, specifically, as a sign that auditing really 
is terminated.  For a variety of reasons, it's complicated to modify the 
"audit -t" notification mechanism to wait synchronously for audit to 
terminate.  I have loose plans to work on it, but it will probably be a couple 
of months before that happens (6.3, definitely not 6.2).

Robert N M Watson
Computer Laboratory
University of Cambridge
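
One way to do the synchronous wait discussed in this thread, as an added example that is not part of the original message or of FreeBSD's rc.d/auditd script. The function names `read_pid`, `wait_for_exit` and `stop_and_wait` are hypothetical, and the pidfile path in the usage comment is an assumption.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of rc.subr.

# read_pid FILE: print the PID stored in FILE if it is a plain positive number.
read_pid() {
    [ -r "$1" ] || return 1
    read -r _rp < "$1" || [ -n "$_rp" ] || return 1
    case "$_rp" in ''|0|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$_rp"
}

# wait_for_exit PID TIMEOUT
# Returns 0 once PID is gone, 1 if it is still alive after TIMEOUT seconds,
# 2 on bad arguments. kill -0 sends no signal; it only tests that the PID
# exists and may be signalled, so run this with the privileges of the rc script.
wait_for_exit() {
    _wp=$1
    _left=$2
    case "$_wp" in ''|0|*[!0-9]*) return 2 ;; esac
    case "$_left" in ''|*[!0-9]*) return 2 ;; esac
    while kill -0 "$_wp" 2>/dev/null; do
        [ "$_left" -gt 0 ] || return 1
        sleep 1
        _left=$((_left - 1))
    done
    return 0
}

# stop_and_wait PIDFILE TIMEOUT STOP_COMMAND [ARGS...]
# Reads the PID before requesting shutdown, because a daemon usually removes
# its pidfile on the way out, then polls until the process has really exited.
stop_and_wait() {
    _pf=$1
    _to=$2
    shift 2
    _p=$(read_pid "$_pf") || return 2
    "$@" || return 2
    wait_for_exit "$_p" "$_to"
}

# Usage in a stop routine (pidfile path is an assumption, adjust to the system):
#   stop_and_wait /var/run/auditd.pid 10 /usr/sbin/audit -t ||
#       echo 'auditd still running; not starting a new instance' >&2
```

The bounded timeout keeps shutdown from hanging if the daemon never exits, and the distinct return code lets the caller refuse to start a second instance while the old one still holds the audit trail.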


