[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC PATCH] audit: correctly record file names with different path name types



On Tuesday, December 02, 2014 03:12:25 PM hujianyang wrote:
> Hi Paul,
> 
> Thanks for your work~! But I'm sorry to say I've tested this patch with
> a kernel 3.10.53 and met a panic while booting. I think it's caused by
> this patch.
> 
> Could you please take some time to look at this? Did I do something
> wrong?

...

On Tuesday, December 02, 2014 03:31:17 PM hujianyang wrote:
> This is configure options in my environment. I hope it would
> help you~!
> 
> 
> # 5.2 audit configuration
> # 5.2.1
> 
> # 5.2.2 Stop system when log is full
> configuration modify "/etc/audit/auditd conf space_left_action =
> SYSLOG space_left_action = SYSLOG" #configuration modify
> "/etc/audit/auditd conf admin_space_left_action =
> SUSPEND admin_space_left_action = HALT" configuration modify
> "/etc/audit/auditd conf space_left = 75 space_left = 2" configuration
> modify "/etc/audit/auditd conf admin_space_left = 50 admin_space_left = 1"

Thanks for taking the time to test, however, a few things ...

First, could you provide the /etc/audit/auditd.conf and /etc/audit/audit.rules 
files you used for your testing?  I don't understand configuration 
script/language you used above.

Second, I tested the patch against the audit tree's stable-3.18 branch, could 
you (re)test against 3.18-rcX instead of 3.10.X?  There have been a number of 
changes to the audit subsystem since 3.10 was released and it would surprise 
me if the patch I posted has problems on 3.10.X.

 * git://git.infradead.org/users/pcmoore/audit stable-3.18

Thanks,
-Paul

-- 
paul moore
security and virtualization @ redhat


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]