rhgb no more
Ray Strode
halfline at gmail.com
Thu May 15 16:14:45 UTC 2008
Hi,
> Please note that the audit daemon needs to start before any daemon if you want
> it to work right. There's a couple reasons, one being that it enables the
> audit system and without that, any process running before the audit daemon is
> not auditable - ever. The work around is to add audit=1 to grub.conf, but
> then you get a performance hit for everyone.
>
> The second reason is that any audit event that occurs before the audit daemon
> runs could be lost. There may be AVCs on boot that you want or something else
> important that you wanted to capture.
There shouldn't be any semantic shift on this front, but if there's
problems we can make sure they get fixed up before the release.
More information about the fedora-devel-list
mailing list