From 82642c4683f90e1fc9f8a33a8f5cf294540eef4d Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Wed, 11 Oct 2023 12:08:56 -0400 Subject: [PATCH] backport of commit 88fb88e3db45cbc45b963cd17a3fdec6eea910b5 (#23609) Co-authored-by: Peter Wilson --- builtin/audit/file/backend.go | 44 ++++++++++++++++++++++------------- changelog/23598.txt | 3 +++ 2 files changed, 31 insertions(+), 16 deletions(-) create mode 100644 changelog/23598.txt diff --git a/builtin/audit/file/backend.go b/builtin/audit/file/backend.go index f715c20e32..4cc82c15ce 100644 --- a/builtin/audit/file/backend.go +++ b/builtin/audit/file/backend.go @@ -391,27 +391,39 @@ func (b *Backend) open() error { } func (b *Backend) Reload(_ context.Context) error { - switch b.path { - case stdout, discard: + // When there are nodes created in the map, use the eventlogger behavior. + if len(b.nodeMap) > 0 { + for _, n := range b.nodeMap { + if n.Type() == eventlogger.NodeTypeSink { + return n.Reopen() + } + } + return nil - } + } else { + // old non-eventlogger behavior + switch b.path { + case stdout, discard: + return nil + } - b.fileLock.Lock() - defer b.fileLock.Unlock() + b.fileLock.Lock() + defer b.fileLock.Unlock() + + if b.f == nil { + return b.open() + } + + err := b.f.Close() + // Set to nil here so that even if we error out, on the next access open() + // will be tried + b.f = nil + if err != nil { + return err + } - if b.f == nil { return b.open() } - - err := b.f.Close() - // Set to nil here so that even if we error out, on the next access open() - // will be tried - b.f = nil - if err != nil { - return err - } - - return b.open() } func (b *Backend) Invalidate(_ context.Context) { diff --git a/changelog/23598.txt b/changelog/23598.txt new file mode 100644 index 0000000000..9f260d83ef --- /dev/null +++ b/changelog/23598.txt @@ -0,0 +1,3 @@ +```release-note:bug +audit: Fix bug reopening 'file' audit devices on SIGHUP. +```