[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Steve Grubb
sgrubb at redhat.com
Thu Jul 28 15:49:52 UTC 2005
On Thursday 28 July 2005 11:27, Timothy R. Chavez wrote:
> But audit_panic() doesn't just panic the system or it doesn't have to at
> least. You're able to set the 'audit_failure' such that when audit_panic()
> is called it can fail silently, print to syslog, or panic the system.
Right, but audit_panic is reserved for use when the backlog overflows or rate
limit is too high. When you wrote the fs watch code, did you call audit_panic
when a buffer alloc failed? No, you failed the syscall. The behavior should
be consistent.
-Steve
More information about the Linux-audit
mailing list