On Friday, November 14, 2014 10:32:51 PM Richard Guy Briggs wrote: > On 14/11/13, Steve Grubb wrote: > > On Thursday, November 13, 2014 08:08:52 PM Richard Guy Briggs wrote: > > > > So what terrible things happen to userspace if > > > > AUDIT_VERSION_BACKLOG_WAIT_TIME becomes 0x03 instead of 0x02? > > > > > > But it won't. It gets the value of > > > AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME, which is 0x00000002. > > > > > > I think you meant to ask about AUDIT_VERSION_LATEST, which would become > > > 3. > > > > > > You *did* already ask that question in a previous thread, and there > > > didn't seem to be a concern. Steve Grubb could likely answer this > > > question better than me. > > > > The audit 2.4.1 package has been pushed to everything from F20 -> rawhide. > > If you don't see any problems, then its safe. But check carefully around > > the things that you did change. Right now, we only are caring about only > > one kernel feature, --loginuid-immutable. Check that it still works, > > auditctl -s. > Here's my output, which I assume looks sane: > > [root@f20 ~]# rpm -q audit > audit-2.4.1-1.fc20.x86_64 > [root@f20 ~]# auditctl -s > enabled 1 > flag 1 > pid 307 > rate_limit 0 > backlog_limit 320 > lost 0 > backlog 0 > backlog_wait_time 60000 > loginuid_immutable 0 unlocked
Looks like good output to me, Steve? -- paul moore security and virtualization @ redhat -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
