On Tue, Mar 21, 2017 at 4:04 AM, Richard Guy Briggs wrote:
> On 2017-03-20 10:44, Paul Moore wrote:
>> On Mon, Mar 20, 2017 at 8:08 AM, Paul Moore wrote:
>> > On Sun, Mar 19, 2017 at 9:46 PM, Steve Grubb wrote:
>> >> Hello Richard and Paul,
>> >>
>> >> I was going to do a blog write up about boo
On 2017-03-20 10:44, Paul Moore wrote:
> On Mon, Mar 20, 2017 at 8:08 AM, Paul Moore wrote:
> > On Sun, Mar 19, 2017 at 9:46 PM, Steve Grubb wrote:
> >> Hello Richard and Paul,
> >>
> >> I was going to do a blog write up about booting the system with
> >> audit_backlog_limit=8192 for STIG users a
assumed I had
>> broken something with the queuing, the lost counter, or both. It's
>> possible I still may have broken something in the v4.10 queue rework,
>> or something broke a long time ago and we are just noticing it now.
>>
>> First off, can you create a GitHub
On Monday, March 20, 2017 10:55:43 AM EDT Paul Moore wrote:
> On Mon, Mar 20, 2017 at 10:44 AM, Paul Moore wrote:
> > On Mon, Mar 20, 2017 at 8:08 AM, Paul Moore wrote:
> >> On Sun, Mar 19, 2017 at 9:46 PM, Steve Grubb wrote:
> >>> Hello Richard and Paul,
> >>>
> >>> I was going to do a blog wr
y (the
> exact same lost count too), although it was a development kernel build
> with a *heavily* modified audit subsystem so I just assumed I had
> broken something with the queuing, the lost counter, or both. It's
> possible I still may have broken something in the v4.10 queue rewo
On Mon, Mar 20, 2017 at 10:44 AM, Paul Moore wrote:
> On Mon, Mar 20, 2017 at 8:08 AM, Paul Moore wrote:
>> On Sun, Mar 19, 2017 at 9:46 PM, Steve Grubb wrote:
>>> Hello Richard and Paul,
>>>
>>> I was going to do a blog write up about booting the system with
>>> audit_backlog_limit=8192 for STI
On Mon, Mar 20, 2017 at 8:08 AM, Paul Moore wrote:
> On Sun, Mar 19, 2017 at 9:46 PM, Steve Grubb wrote:
>> Hello Richard and Paul,
>>
>> I was going to do a blog write up about booting the system with
>> audit_backlog_limit=8192 for STIG users and have stumbled on to a mystery.
>> The
>> kernel
On Sun, Mar 19, 2017 at 9:46 PM, Steve Grubb wrote:
> Hello Richard and Paul,
>
> I was going to do a blog write up about booting the system with
> audit_backlog_limit=8192 for STIG users and have stumbled on to a mystery. The
> kernel initializes the variable to 64 at power on. During boot, if au
Hello Richard and Paul,
I was going to do a blog write up about booting the system with
audit_backlog_limit=8192 for STIG users and have stumbled on to a mystery. The
kernel initializes the variable to 64 at power on. During boot, if audit == 1,
then it holds events in the hopes that an audit d