[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext



Forwarding a note from Mounir which did not copy linux-audit...

On Tue, 2005-08-30 at 13:20 -0500, Mounir Bsaibes wrote:
> On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote:
> > Ok, then anyone who disagrees with failing the syscall speak up now...
> > If this is the preferred operation, please say so.  Klaus--I, too, am
> > calling for your input.
>
> While it can be one of the configurable options for panic, failing the
> system call is not enough in all cases. Due to the requirement that the
> system must not loose audit record, the system must panic, when
> resources are exhausted. 
> Refer to the linux-audit archive of January 2005.
> https://www.redhat.com/archives/linux-audit/2005-January/msg00030.html
> Similar issue was discussed for what to do when audit log is full and
> what to do when kernel resources are exhausted.

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]