suspending a process when audit resources are not available

Mounir Bsaibes bsaibes at us.ibm.com
Wed Dec 15 02:01:23 UTC 2004


One of the CAPP requirements, and probably the LSPP as well, is that when audit
records cannot be generated for a particular process, the process needs to
be halted. The current audit system, depending on the failure flag, can
either 1) do nothing, 2) print a kernel message, or 3) issue a panic. I am
thinking of adding a 4) option for the failure flag to suspend the
process. If the failure flag is set to "suspend" and the audit_log_lost
function is called, the process will be suspended by issuing a sigsuspend
call.
I am soliciting comments to see if I should proceed with this or not.
Thanks,
Mounir


Mounir Bsaibes
Linux Security
Tel:  (512) 838-1301
Cell: (512) 762-9957
Fax: (512) 838-8858
e-mail: bsaibes at us.ibm.com