[PATCH] audit: allow unlimited backlog queue
Richard Guy Briggs
rgb at redhat.com
Wed Jan 15 16:50:11 UTC 2014
On 14/01/15, Steve Grubb wrote:
> On Tuesday, January 14, 2014 05:59:16 PM Richard Guy Briggs wrote:
> > Since audit can already be disabled by "audit=0" on the kernel boot line, or
> > by the command "auditctl -e 0", it would be more useful to have the
> > audit_backlog_limit set to zero mean effectively unlimited (limited only by
> > system resources).
>
> I don't see a useful purpose to this.
That's up to you. On your side it is a documentation question. It is
already implemented in the kernel. The rationale I thought was fairly
clear. The flexibility is there. A warning would be useful.
> -Steve
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list