Forwarding a note from Mounir which did not copy linux-audit... On Tue, 2005-08-30 at 13:20 -0500, Mounir Bsaibes wrote: > On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote: > > Ok, then anyone who disagrees with failing the syscall speak up now... > > If this is the preferred operation, please say so. Klaus--I, too, am > > calling for your input. > > While it can be one of the configurable options for panic, failing the > system call is not enough in all cases. Due to the requirement that the > system must not loose audit record, the system must panic, when > resources are exhausted. > Refer to the linux-audit archive of January 2005. > https://www.redhat.com/archives/linux-audit/2005-January/msg00030.html > Similar issue was discussed for what to do when audit log is full and > what to do when kernel resources are exhausted.
Description: This is a digitally signed message part