Description of problem:
If a syscall is interrupted by a signal the errno value recorded in the audit
log is -512 (-ERESTARTSYS) which is a private, kernel-only errno value and
does not reflect what is seen in userspace, 4 (EINTR). I would expect that
the errno value recorded in the audit log should match what is seen in
Version-Release number of selected component (if applicable):
RHEL5 lspp.70 kernel
Every time, both if syscall is restarted or not
Steps to Reproduce:
1. Run an application which does the following:
* Installs a signal handler for SIGALRM
* Disable syscall restarts for SIGALRM
* Set an alarm for a future time
* Block in a syscall
2. Check audit logs and notice that the syscall failed with errno=-512
The audit log reports an errno of -512 (-ERESTARTSYS).
The audit log reports an errno of -4 (-EINTR).
This bug is *not* blocking the LSPP certification efforts of HP, Red Hat, and
QE ack for RHEL5.1. Would be good to get a testcase generated and aligned
against this issue.
Created attachment 154267 [details]
Simple test case
As outlined in the original bug description, the test for this is rather
trivial; a crude test case is attached. Simply compile the testcase, run the
resulting binary, and wait for it to timeout via the self-generated alarm
signal. Check the audit log and viola, one strange audit record.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
potential patch sent to linux-audit Nov 14 from Eric Paris
You can download this test kernel from http://people.redhat.com/dzickus/el5
verified using the test case on the -92.el5 kernel.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.