Way too many logs!
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri May 9 21:29:04 UTC 2008
On Fri, 09 May 2008 16:20:44 EDT, Jeremy Leonard said:
> -a exit,always -S sched_setparam -S sched_setscheduler -k RULE7
> type=SYSCALL msg=audit(04/25/08 16:37:48.568:194518) : arch=i386 syscall=_newselect
OK, I'll bite - why is a select() syscall tripping sched_setparam or sched_setschdeduler?
Or more importantly - are those two cutting audit events for the wrong reasons?
(In other words, should the kernel be doing the "trim it to only user-initiated
changes" that Steve Grubb suggested 'uid>500' as a workaround?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20080509/9fca3c2a/attachment.sig>
More information about the Linux-audit
mailing list