Instead of just forking, we fork() anaconda and then execv our custom audit daemon. This saves us an extra anaconda process running permanently, taking memory. Related: rhbz#549653
---
 anaconda | 14 +++++++++++++-
 isys/Makefile.am | 6 ++++++
 isys/auditd.c | 11 +++++------
 scripts/mk-images | 2 ++
 4 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/anaconda b/anaconda
index 20ae4a0..e85a70a 100755
--- a/anaconda
+++ b/anaconda
@@ -60,6 +60,18 @@ def startMetacityWM():
 sys.exit(0)
 return childpid
+def startAuditDaemon():
+ childpid = os.fork()
+ if not childpid:
+ cmd = '/sbin/auditd'
+ try:
+ os.execl(cmd, cmd)
+ except OSError as e:
+ log.error("Error running the audit daemon: %s" % str(e))
+ sys.exit(0)
+ # auditd will turn into a daemon so catch the immediate child pid now:
+ os.waitpid(childpid, 0)
+
 # function to handle X startup special issues for anaconda
 def doStartupX11Actions(runres="800x600"):
 global wm_pid
@@ -760,7 +772,7 @@ if __name__ == "__main__":
 opts.isHeadless = True
 if not flags.livecdInstall:
- isys.auditDaemon()
+ startAuditDaemon()
 # setup links required for all install types
 for i in ( "services", "protocols", "nsswitch.conf", "joe", "selinux",
diff --git a/isys/Makefile.am b/isys/Makefile.am
index f7c076a..415a0b5 100644
--- a/isys/Makefile.am
+++ b/isys/Makefile.am
@@ -52,4 +52,10 @@ libisys_la_LDFLAGS = -static
 libisys_la_LIBADD = $(ISYS_LIBS)
 libisys_la_SOURCES = $(ISYS_SRCS)
+auditddir = $(libdir)/$(PACKAGE_NAME)-runtime
+auditd_PROGRAMS = auditd
+auditd_SOURCES = auditd.c
+auditd_CFLAGS = -DSTANDALONE $(SELINUX_CFLAGS)
+auditd_LDADD = $(SELINUX_LIBS) $(LIBNL_LIBS)
+
 MAINTAINERCLEANFILES = Makefile.in
diff --git a/isys/auditd.c b/isys/auditd.c
index 8eef4f3..2ca6d04 100644
--- a/isys/auditd.c
+++ b/isys/auditd.c
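Review bot: In `startAuditDaemon`, the forked child calls `sys.exit(0)` once `os.execl` has failed, so the failure is reported as success, and the parent discards the result of `os.waitpid(childpid, 0)` and carries on with no audit daemon running. `sys.exit` also raises SystemExit inside a copy of the installer process, which lets exception handlers and exit hooks inherited from the parent run a second time; a forked child that cannot exec should leave with `os._exit(1)`. I would keep the status, `pid, status = os.waitpid(childpid, 0)`, and log when it is non-zero, so that an install that ran without audit collection shows up in the logs. Indentation is lost on this page, so whether `sys.exit(0)` sits inside the `except` block or after it cannot be told; the point holds either way.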
@@ -94,32 +94,31 @@ static void do_auditd(int fd) {
 int audit_daemonize(void) {
 #ifdef USESELINUX
 int fd;
-#ifndef STANDALONE
- int i;
 pid_t child;
-
+ int i;
 if ((child = fork()) > 0)
 return 0;
+#ifndef STANDALONE
 for (i = 0; i < getdtablesize(); i++)
 close(i);
-
 signal(SIGTTOU, SIG_IGN);
 signal(SIGTTIN, SIG_IGN);
 signal(SIGTSTP, SIG_IGN);
+#endif /* !defined(STANDALONE) */
 if ((fd = open("/proc/self/oom_adj", O_RDWR)) >= 0) {
 i = write(fd, "-17", 3);
 close(fd);
 }
-
-#endif /* !defined(STANDALONE) */
 fd = audit_open();
 do_auditd(fd);
 audit_close(fd);
+
 #ifndef STANDALONE
 exit(0);
 #endif /* !defined(STANDALONE) */
+
 #endif /* USESELINUX */
 return 0;
 }
diff --git a/scripts/mk-images b/scripts/mk-images
index bf76ce3..d55f110 100755
--- a/scripts/mk-images
+++ b/scripts/mk-images
@@ -163,6 +163,7 @@ GETKEYMAPS=$IMGPATH/usr/lib/anaconda-runtime/getkeymaps
 GENINITRDSZ=$IMGPATH/usr/lib/anaconda-runtime/geninitrdsz
 MKS390CDBOOT=$IMGPATH/usr/lib/anaconda-runtime/mk-s390-cdboot
 GENMODINFO=$IMGPATH/usr/lib/anaconda-runtime/genmodinfo
+LIBEXECBINDIR=$IMGPATH/usr/lib/anaconda-runtime
 KEYMAPS=$TMPDIR/keymaps-$BUILDARCH.$$
 SCREENFONT=$IMGPATH/usr/lib/anaconda-runtime/screenfont-${BASEARCH}.gz
 MODLIST=$IMGPATH/usr/lib/anaconda-runtime/modlist
@@ -667,6 +668,7 @@ makeinitrd() {
 instbin $IMGPATH /usr/sbin/dasdfmt $MBD_DIR /sbin/dasdfmt
 cp -a $IMGPATH/usr/sbin/*_cio_free $MBD_DIR/sbin
 fi
+ instbin $IMGPATH ${LIBEXECBINDIR##$IMGPATH}/auditd $MBD_DIR /sbin/auditd
 if [ "$BUILDARCH" != "s390" -a "$BUILDARCH" != "s390x" ]; then
 install -m 644 $KEYMAPS $MBD_DIR/etc/keymaps.gz
--
1.6.6
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
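Review bot: `if ((child = fork()) > 0) return 0;` in `audit_daemonize` now runs in the STANDALONE build as well, and it treats a failed fork() (-1) like the child: the process falls through to `audit_open()` and `do_auditd(fd)` in the foreground, which would leave the installer blocked if this is the program anaconda starts and then waits on. Handle the error before the parent test, `if (child < 0) return -1;`, assuming callers can take a non-zero return (they are outside this hunk). The descriptor-closing loop stays inside `#ifndef STANDALONE`, so the standalone daemon keeps every descriptor it inherited across the exec; either close the ones it does not need or add a comment such as `/* STANDALONE: inherited descriptors are left open because ... */` stating why that is acceptable. The result of `audit_open()` is also handed to `do_auditd` without a check for failure.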