[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Dustin Kirkland
dustin.kirkland at us.ibm.com
Tue Aug 30 18:21:14 UTC 2005
Forwarding a note from Mounir which did not copy linux-audit...
On Tue, 2005-08-30 at 13:20 -0500, Mounir Bsaibes wrote:
> On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote:
> > Ok, then anyone who disagrees with failing the syscall speak up now...
> > If this is the preferred operation, please say so. Klaus--I, too, am
> > calling for your input.
>
> While it can be one of the configurable options for panic, failing the
> system call is not enough in all cases. Due to the requirement that the
> system must not loose audit record, the system must panic, when
> resources are exhausted.
> Refer to the linux-audit archive of January 2005.
> https://www.redhat.com/archives/linux-audit/2005-January/msg00030.html
> Similar issue was discussed for what to do when audit log is full and
> what to do when kernel resources are exhausted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050830/cefeadd0/attachment.sig>
More information about the Linux-audit
mailing list