[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Handling disk full & No Kernel resources

On Wednesday 05 January 2005 11:40, Casey Schaufler wrote:
>  the only behavior that has ever been considered reliable is
> for the audit deamon to send the system into
> single user (or turn it off) when audit space is
> not available. 

So then how do you bring it back up? If it shuts down when there's no room and 
you restart the system, there's still no room. Is it expected for users to 
disable auditing at boot, or boot to single user mode and then clear disk 
space? Just curious what the customer support for this is like.

> One example I like to use is inetd, which *must* be 
> audited and which will cause amazing (lack of) behavior if it's 
> suspended. 

Out of curiosity, how do you audit the children of xinetd? The current audit 
kernel implementation does not allow you to audit based on sid or pgid. Which 
brings up the question of "do we want that?"

-Steve Grubb

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]