Audit: eventlogger sink node reopen on SIGHUP (#23598)

* ensure nodes are asked to reload audit files on SIGHUP * added changelog
2025-10-29 17:52:32 +00:00 · 2023-10-11 16:46:49 +01:00
parent 163c03f514
commit 88fb88e3db
2 changed files with 31 additions and 16 deletions
--- a/builtin/audit/file/backend.go
+++ b/builtin/audit/file/backend.go
@@ -391,27 +391,39 @@ func (b *Backend) open() error {
 }

 func (b *Backend) Reload(_ context.Context) error {
-	switch b.path {
-	case stdout, discard:
+	// When there are nodes created in the map, use the eventlogger behavior.
+	if len(b.nodeMap) > 0 {
+		for _, n := range b.nodeMap {
+			if n.Type() == eventlogger.NodeTypeSink {
+				return n.Reopen()
+			}
+		}
+
 		return nil
-	}
+	} else {
+		// old non-eventlogger behavior
+		switch b.path {
+		case stdout, discard:
+			return nil
+		}

-	b.fileLock.Lock()
-	defer b.fileLock.Unlock()
+		b.fileLock.Lock()
+		defer b.fileLock.Unlock()
+
+		if b.f == nil {
+			return b.open()
+		}
+
+		err := b.f.Close()
+		// Set to nil here so that even if we error out, on the next access open()
+		// will be tried
+		b.f = nil
+		if err != nil {
+			return err
+		}

-	if b.f == nil {
 		return b.open()
 	}
-
-	err := b.f.Close()
-	// Set to nil here so that even if we error out, on the next access open()
-	// will be tried
-	b.f = nil
-	if err != nil {
-		return err
-	}
-
-	return b.open()
 }

 func (b *Backend) Invalidate(_ context.Context) {
--- a/changelog/23598.txt
+++ b/changelog/23598.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+audit: Fix bug reopening 'file' audit devices on SIGHUP.
+```