On Tuesday, November 14, 2023 5:31:55 AM EST Chris Riches wrote: > Tangentially, did you have a chance to look at the wmode=WAIT_YES oddity > I pointed out in my original email?
Only briefly. That code was written in 2005 when things were very different. It was common to run into distributions that hadn't enabled audit in the kernel but pam and shadow-utils they were shipping were audit aware. So, that code had to handle transmission error. Nowadays, audit is enabled on all major distros. But the code has not been touched since probably 2006. It might need some minor touch ups. On shutdown, we don't care about the events, we just need to set the pid to 0 to stop the flow. On startup, it's more important to save the events since they may be of interest. I may look at that case some time. -Steve _______________________________________________ Linux-audit mailing list -- [email protected] To unsubscribe send an email to [email protected]
