[RFC PATCH] audit: correctly record file names with different path name types
Paul Moore
pmoore at redhat.com
Tue Dec 2 16:02:10 UTC 2014
On Tuesday, December 02, 2014 03:12:25 PM hujianyang wrote:
> Hi Paul,
>
> Thanks for your work~! But I'm sorry to say I've tested this patch with
> a kernel 3.10.53 and met a panic while booting. I think it's caused by
> this patch.
>
> Could you please take some time to look at this? Did I do something
> wrong?
...
On Tuesday, December 02, 2014 03:31:17 PM hujianyang wrote:
> This is configure options in my environment. I hope it would
> help you~!
>
>
> # 5.2 audit configuration
> # 5.2.1
>
> # 5.2.2 Stop system when log is full
> configuration modify "/etc/audit/auditd.conf at space_left_action =
> SYSLOG at space_left_action = SYSLOG" #configuration modify
> "/etc/audit/auditd.conf at admin_space_left_action =
> SUSPEND at admin_space_left_action = HALT" configuration modify
> "/etc/audit/auditd.conf at space_left = 75 at space_left = 2" configuration
> modify "/etc/audit/auditd.conf at admin_space_left = 50 at admin_space_left = 1"
Thanks for taking the time to test, however, a few things ...
First, could you provide the /etc/audit/auditd.conf and /etc/audit/audit.rules
files you used for your testing? I don't understand configuration
script/language you used above.
Second, I tested the patch against the audit tree's stable-3.18 branch, could
you (re)test against 3.18-rcX instead of 3.10.X? There have been a number of
changes to the audit subsystem since 3.10 was released and it would surprise
me if the patch I posted has problems on 3.10.X.
* git://git.infradead.org/users/pcmoore/audit stable-3.18
Thanks,
-Paul
--
paul moore
security and virtualization @ redhat
More information about the Linux-audit
mailing list