Re: SELinux policy reload cannot be sent to audit system

On Tuesday, November 03, 2015 09:48:31 PM Laurent Bigonville wrote: > Le 03/11/15 21:08, Richard Guy Briggs a écrit : > > On 15/11/03, Steve Grubb wrote: > >> On Tuesday, November 03, 2015 06:12:07 PM Laurent Bigonville wrote: > >>> I'm running in permissive mode. > >>> > >>> I'm seeing a netlink

Re: [RFC PATCH 1/7] audit: don't needlessly reset valid wait time

On 15/11/04, Paul Moore wrote: > On Thursday, October 22, 2015 02:53:14 PM Richard Guy Briggs wrote: > > After auditd has recovered from an overflowed queue, the first process > > that doesn't use reserves to make it through the queue checks should > > reset the audit backlog wait time to the confi

Re: [RFC PATCH 2/7] audit: include auditd's threads in audit_log_start() wait exception

On Thursday, October 22, 2015 02:53:15 PM Richard Guy Briggs wrote: > Should auditd spawn threads, allow all members of its thread group to > use the audit_backlog_limit reserves to bypass the queue limits too. > > Signed-off-by: Richard Guy Briggs > --- > kernel/audit.c |2 +- > 1 files cha

[RFC PATCH] audit: remove audit_backlog_wait_overflow

It seems much more obvious and readable to simply use "0". Signed-off-by: Paul Moore --- kernel/audit.c |3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 5a3ae37..6b4ae65 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -110,7 +110,

Re: [RFC PATCH 1/7] audit: don't needlessly reset valid wait time

On Thursday, October 22, 2015 02:53:14 PM Richard Guy Briggs wrote: > After auditd has recovered from an overflowed queue, the first process > that doesn't use reserves to make it through the queue checks should > reset the audit backlog wait time to the configured value. After that, > there is no

Re: [GIT PULL] Audit patches for 4.4

On Wednesday, November 04, 2015 08:34:12 AM Paul Moore wrote: > Hi Linus, > > Seven audit patches for 4.4, but really only one of any significant value, > the remainder are trivial cleanups that are described well enough in the > patch descriptions. The one significant patch is an attempt to make

[GIT PULL] Audit patches for 4.4

Hi Linus, Seven audit patches for 4.4, but really only one of any significant value, the remainder are trivial cleanups that are described well enough in the patch descriptions. The one significant patch is an attempt to make communication between the kernel's audit subsystem and the userspace