From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
The second user Eric patched, audit_send_list(), can grow without bound.
The number of skb's is going to be the size of the number of audit rules
that root loaded. We run the list of rules, generate an skb per rule,
and
On Mon, 2014-03-10 at 15:30 -0400, David Miller wrote:
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
The second user Eric patched, audit_send_list(), can grow without bound.
The number of skb's is going to be the size of the number of audit rules
that root
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
On Friday, March 07, 2014 07:48:01 PM David Miller wrote:
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport.
Perhaps. But in all our testing over the years it's been very good.
-Steve
On Fri, 2014-03-07 at 19:48 -0500, David Miller wrote:
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport.
I'm happy to accept that (and know it to be true). How can I better
architect
From: Steve Grubb sgr...@redhat.com
Date: Fri, 07 Mar 2014 22:27:28 -0500
On Friday, March 07, 2014 07:48:01 PM David Miller wrote:
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport.
On Tuesday, March 04, 2014 07:21:52 PM David Miller wrote:
From: ebied...@xmission.com (Eric W. Biederman)
Date: Tue, 04 Mar 2014 14:41:16 -0800
If we really want the ability to always append to the queue of skb's
is to just have a version of netlink_send_skb that ignores the queued
On 03/05/2014 10:59 AM, Steve Grubb wrote:
The audit system has to be very reliable. It can't lose any event or record.
The people that really depend on it would rather have access denied to the
system than lose any event. This is the reason it goes to such lengths.
+1
LCB
--
LC (Lenny)
Steve Grubb sgr...@redhat.com writes:
On Tuesday, March 04, 2014 07:21:52 PM David Miller wrote:
From: ebied...@xmission.com (Eric W. Biederman)
Date: Tue, 04 Mar 2014 14:41:16 -0800
If we really want the ability to always append to the queue of skb's
is to just have a version of
From: Andrew Morton a...@linux-foundation.org
Date: Tue, 4 Mar 2014 13:30:04 -0800
On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman)
wrote:
Modify audit_send_reply to directly use a non-blocking send and
to return an error on failure (if anyone cares).
David Miller da...@davemloft.net writes:
From: Andrew Morton a...@linux-foundation.org
Date: Tue, 4 Mar 2014 13:30:04 -0800
On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman)
wrote:
Modify audit_send_reply to directly use a non-blocking send and
to return an
On Tue, 04 Mar 2014 14:41:16 -0800 ebied...@xmission.com (Eric W. Biederman)
wrote:
David Miller da...@davemloft.net writes:
From: Andrew Morton a...@linux-foundation.org
Date: Tue, 4 Mar 2014 13:30:04 -0800
On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W.
From: ebied...@xmission.com (Eric W. Biederman)
Date: Tue, 04 Mar 2014 14:41:16 -0800
If we really want the ability to always append to the queue of skb's
is to just have a version of netlink_send_skb that ignores the queued
limits. Of course an evil program then could force the generation
Modify audit_send_reply to directly use a non-blocking send and
to return an error on failure (if anyone cares).
Modify audit_list_rules_send to use audit_send_reply and give up
if we can not send a packet.
Merge audit_list_rules into audit_list_rules_send as the code
is now sufficiently