audit.71 kernel
Stephen Smalley
sds at tycho.nsa.gov
Mon Jun 27 13:28:24 UTC 2005
On Mon, 2005-06-27 at 12:27 +0100, David Woodhouse wrote:
> On Mon, 2005-06-27 at 07:15 -0400, Steve Grubb wrote:
> > The SE Linux guys say this would hurt their troubleshooting ability. On
> > shutdown, there are some AVC denial messages that they can get only by using
> > a serial console. We either need a configurable setting that auditctl can
> > adjust, or change the priority of only the user space messages.
>
> It's already configurable.
>
> dmesg -n 5
We want to be able to set the log level via kernel boot parameter, so
that we can see denials that occur during initialization. The avc used
to support setting the log level that it used in this manner, prior to
migrating to using the audit framework.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list