Audit: eventlogger sink node reopen on SIGHUP (#23598)

* ensure nodes are asked to reload audit files on SIGHUP

* added changelog

builtin/audit/file/backend.go

@@ -391,27 +391,39 @@ func (b *Backend) open() error {
 }
 
 func (b *Backend) Reload(_ context.Context) error {
-	switch b.path {
+	// When there are nodes created in the map, use the eventlogger behavior.
-	case stdout, discard:
+	if len(b.nodeMap) > 0 {
+		for _, n := range b.nodeMap {
+			if n.Type() == eventlogger.NodeTypeSink {
+				return n.Reopen()
+			}
+		}
+
 		return nil
-	}
+	} else {
+		// old non-eventlogger behavior
+		switch b.path {
+		case stdout, discard:
+			return nil
+		}
 
-	b.fileLock.Lock()
+		b.fileLock.Lock()
-	defer b.fileLock.Unlock()
+		defer b.fileLock.Unlock()
+
+		if b.f == nil {
+			return b.open()
+		}
+
+		err := b.f.Close()
+		// Set to nil here so that even if we error out, on the next access open()
+		// will be tried
+		b.f = nil
+		if err != nil {
+			return err
+		}
 
-	if b.f == nil {
 		return b.open()
 	}
-
-	err := b.f.Close()
-	// Set to nil here so that even if we error out, on the next access open()
-	// will be tried
-	b.f = nil
-	if err != nil {
-		return err
-	}
-
-	return b.open()
 }
 
 func (b *Backend) Invalidate(_ context.Context) {

changelog/23598.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+audit: Fix bug reopening 'file' audit devices on SIGHUP.
+```