
Re: audit messages when there's no audit daemon



On Wed, 2005-06-22 at 06:56 -0400, Steve Grubb wrote:
> > Why isn't audit disabled at this point?
> 
> Which program would be responsible for disabling the audit system?
> init? 

I was thinking that either auditd should be running or the audit system
should have been disabled.

> Also, there are actions that occur on shutdown that SE Linux people need to 
> see in order to correct policy. So, we can't affect AVC messages including 
> USER_AVC.

So we should exempt USER_AVC messages from the patch which discards user
messages when audit_enabled == 0? I can do that in a new kernel build.

-- 
dwmw2

