change lspp ipc auditing
Steve Grubb
sgrubb at redhat.com
Sat Apr 1 01:36:05 UTC 2006
On Friday 31 March 2006 16:38, Stephen Smalley wrote:
> Why set it to 2?
I sometimes like those things so that I can printk them during debug to see
which one is doing it. If they were both a "1" there's no way to distinguish
which one tripped it.
> BTW, I personally have no strong opinion on whether to call audit_panic
> in this case.
My feeling is that calling audit_panic does no good. In the case of sendfile,
the data has already left the box and panic helps nothing. What we need to do
is figure out how to close the loop manually just in case this ever happens.
Maybe this should be added to the agenda for Monday's lspp telecon?
Thanks,
-Steve
More information about the Linux-audit
mailing list