Hello Steve!
OK, the last puzzle peace was loginuid=0 !! -.-
My current audit rules for the use-case "logging root user actions, without
too much noise"
#
# delete all rules
-D
# set backlog_limit, default=320
-b 8192
# do not audit cron jobs
-a user,never -F subj_type=crond_t
-a exit,never -F s
On Sunday, November 15, 2015 12:42:52 PM SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sun, 15 Nov 2015 12:38:33 +0100
>
> The functions consume_skb() and kfree_skb() test whether their argument
> is NULL and then return immediately.
> Thus the tests around their calls are not needed.
>