[PATCH] audit: optionally print warning after waiting to enqueue record
Paul Moore
paul at paul-moore.com
Thu Jun 18 13:46:54 UTC 2020
On Thu, Jun 18, 2020 at 9:39 AM Steve Grubb <sgrubb at redhat.com> wrote:
> The kernel cannot grow the backlog unbounded. If you do nothing, the backlog
> is 64 - which is too small to really use. Otherwise, you set the backlog to a
> finite number with the -b option.
If one were to set the backlog limit to 0, it is effectively disabled
allowing the backlog to grow without any restrictions placed on it by
the audit subsystem.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list