Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-10 Thread Eric Paris
On Mon, 2014-03-10 at 15:30 -0400, David Miller wrote:
> From: Eric Paris
> Date: Fri, 07 Mar 2014 17:52:02 -0500
>
> > The second user Eric patched, audit_send_list(), can grow without bound.
> > The number of skb's is going to be the size of the number of audit rules
> > that root loaded. We r

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-10 Thread David Miller
From: Eric Paris
Date: Fri, 07 Mar 2014 17:52:02 -0500
> The second user Eric patched, audit_send_list(), can grow without bound.
> The number of skb's is going to be the size of the number of audit rules
> that root loaded. We run the list of rules, generate an skb per rule,
> and add all of th

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread David Miller
From: Steve Grubb
Date: Fri, 07 Mar 2014 22:27:28 -0500
> On Friday, March 07, 2014 07:48:01 PM David Miller wrote:
>> From: Eric Paris
>> Date: Fri, 07 Mar 2014 17:52:02 -0500
>>
>> > Audit is non-tolerant to failure and loss.
>>
>> Netlink is not a loss-less transport.
>
> Perhaps. But in a

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread Eric Paris
On Fri, 2014-03-07 at 19:48 -0500, David Miller wrote:
> From: Eric Paris
> Date: Fri, 07 Mar 2014 17:52:02 -0500
>
> > Audit is non-tolerant to failure and loss.
>
> Netlink is not a loss-less transport.
I'm happy to accept that (and know it to be true). How can I better architect things? It

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread Steve Grubb
On Friday, March 07, 2014 07:48:01 PM David Miller wrote:
> From: Eric Paris
> Date: Fri, 07 Mar 2014 17:52:02 -0500
>
> > Audit is non-tolerant to failure and loss.
>
> Netlink is not a loss-less transport.
Perhaps. But in all our testing over the years it's been very good.
-Steve
--
Linux-au

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread David Miller
From: Eric Paris
Date: Fri, 07 Mar 2014 17:52:02 -0500
> Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread Eric Paris
As usual Eric, your commentary is anything but useful. However your technical thoughts are not off the mark. Can we stick to those?
On Wed, 2014-03-05 at 10:06 -0800, Eric W. Biederman wrote:
> Steve Grubb writes:
>
> > On Tuesday, March 04, 2014 07:21:52 PM David Miller wrote:
> >> From: ebie

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-05 Thread Eric W. Biederman
Steve Grubb writes:
> On Tuesday, March 04, 2014 07:21:52 PM David Miller wrote:
>> From: ebied...@xmission.com (Eric W. Biederman)
>> Date: Tue, 04 Mar 2014 14:41:16 -0800
>>
>> > If we really want the ability to always append to the queue of skb's
>> > is to just have a version of netlink_sen

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-05 Thread LC Bruzenak
On 03/05/2014 10:59 AM, Steve Grubb wrote:
> The audit system has to be very reliable. It can't lose any event or record.
> The people that really depend on it would rather have access denied to the
> system than lose any event. This is the reason it goes to such lengths.
+1
LCB
--
LC (Lenny)

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-05 Thread Steve Grubb
On Tuesday, March 04, 2014 07:21:52 PM David Miller wrote:
> From: ebied...@xmission.com (Eric W. Biederman)
> Date: Tue, 04 Mar 2014 14:41:16 -0800
>
> > If we really want the ability to always append to the queue of skb's
> > is to just have a version of netlink_send_skb that ignores the queued

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread David Miller
From: ebied...@xmission.com (Eric W. Biederman)
Date: Tue, 04 Mar 2014 14:41:16 -0800
> If we really want the ability to always append to the queue of skb's
> is to just have a version of netlink_send_skb that ignores the queued
> limits. Of course an evil program then could force the generation

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread Andrew Morton
On Tue, 04 Mar 2014 14:41:16 -0800 ebied...@xmission.com (Eric W. Biederman) wrote:
> David Miller writes:
>
> > From: Andrew Morton
> > Date: Tue, 4 Mar 2014 13:30:04 -0800
> >
> >> On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W.
> >> Biederman) wrote:
> >>
> >>>
> >>> Mo

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread Eric W. Biederman
David Miller writes:
> From: Andrew Morton
> Date: Tue, 4 Mar 2014 13:30:04 -0800
>
>> On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman)
>> wrote:
>>
>>>
>>> Modify audit_send_reply to directly use a non-blocking send and
>>> to return an error on failure (if anyone

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread David Miller
From: Andrew Morton
Date: Tue, 4 Mar 2014 13:30:04 -0800
> On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman)
> wrote:
>
>>
>> Modify audit_send_reply to directly use a non-blocking send and
>> to return an error on failure (if anyone cares).
>>
>> Modify audit_list_

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread Andrew Morton
On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman) wrote:
>
> Modify audit_send_reply to directly use a non-blocking send and
> to return an error on failure (if anyone cares).
>
> Modify audit_list_rules_send to use audit_send_reply and give up
> if we can not send a

[RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-03 Thread Eric W. Biederman
Modify audit_send_reply to directly use a non-blocking send and to return an error on failure (if anyone cares).
Modify audit_list_rules_send to use audit_send_reply and give up if we can not send a packet.
Merge audit_list_rules into iaudit_list_rules_send as the code is now sufficiently simple