Re: [PATCH] audit: allow unlimited backlog queue
On 14/01/15, Steve Grubb wrote:
On Tuesday, January 14, 2014 05:59:16 PM Richard Guy Briggs wrote:
> Since audit can already be disabled by "audit=0" on the kernel boot line,
or
> by the command "auditctl -e 0", it would be more useful to have the
> audit_backlog_limit set to zero mean effectively unlimited (limited only by
> system resources).
I don't see a useful purpose to this.
That's up to you. On your side it is a documentation question. It is
already implemented in the kernel. The rationale I thought was fairly
clear. The flexibility is there. A warning would be useful.
-Steve
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545