All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 8db7610d authored by Leigh B Stoller's avatar Leigh B Stoller

Change to previous revision wrt logging email. My last change broke

that and in fact, it needed a change to libaudit. I am still pondering
this, the change I put in needs more thought.
parent a27293b3
......@@ -766,24 +766,12 @@ print STDERR "$rspecstr\n";
# Exit and let caller poll for status.
#
if (!$debug) {
# Need this in the child.
my $parent_lockname = "lock_$PID";
# Before the fork, lock the lock in the parent. It will be
# unlocked just before the parent exits, thus informing the
# child.
DBQueryWarn("select GET_LOCK('$parent_lockname', 5)");
libaudit::AuditPrefork();
my $child = fork();
if ($child) {
# Parent exits but avoid libaudit email.
exit(0);
}
# XXX Need to let the parent finish up first so that the log file
# is properly sent, but the parent is is in the "defunct" state,
# so cannot use kill(0) to figure out it is gone.
DBQueryWarn("select GET_LOCK('$parent_lockname', 15)");
# All of the logging magic happens in here.
libaudit::AuditFork();
}
......
......@@ -30,7 +30,7 @@ use Exporter;
@EXPORT =
qw ( AuditStart AuditEnd AuditAbort AuditFork AuditSetARGV AuditGetARGV
AddAuditInfo
LogStart LogEnd LogAbort AuditDisconnect
LogStart LogEnd LogAbort AuditDisconnect AuditPrefork
LIBAUDIT_NODAEMON LIBAUDIT_DAEMON LIBAUDIT_LOGONLY
LIBAUDIT_NODELETE LIBAUDIT_FANCY LIBAUDIT_LOGTBOPS LIBAUDIT_LOGTBLOGS
);
......@@ -65,6 +65,9 @@ my $auditing = 0;
# Where the log is going. When not defined, do not send it in email!
my $logfile;
# Sleazy.
my $prefork;
# Logonly, not to audit list.
my $logonly = 0;
# Log to tbops or tblogs
......@@ -325,10 +328,27 @@ sub AuditAbort()
undef($logfile);
}
delete @ENV{'TBAUDITLOG', 'TBAUDITON'};
touch($prefork)
if (defined($prefork));
}
return 0;
}
#
# Indicate we are about to fork. In general, we want the parent to exit
# first so the first part of the logging email gets sent. Otherwise the
# file might get deleted out from under the child.
# So we use some sleaze to make sure that happens.
#
sub AuditPrefork()
{
return 0
if (!$auditing);
$prefork = "/var/tmp/auditfork_$PID";
}
#
# Ug, forked children result in multiple copies. It does not happen often
# since most forks result in an exec.
......@@ -338,6 +358,18 @@ sub AuditFork()
return 0
if (!$auditing || !defined($logfile));
#
# If prefork is set, we want the parent to exit first. So we wait for
# that to happen.
#
if (defined($prefork)) {
while (! -e $prefork) {
sleep(1);
}
unlink($prefork);
}
$prefork = undef;
open(LOG, ">> $logfile") or
die("opening $logfile for $logfile: $!");
......@@ -440,12 +472,12 @@ sub SendAuditMail($)
# Do not save empty logfile.
unlink($logfile)
if (defined($logfile));
return;
goto done;
}
if ($fancy) {
SendFancyMail($exitstatus);
return;
goto done;
}
#
......@@ -497,6 +529,9 @@ sub SendAuditMail($)
unlink($logfile)
if (defined($logfile) && !$savelog);
}
done:
system("/usr/bin/touch $prefork")
if (defined($prefork));
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment