Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext

On Tue, 2005-08-30 at 10:18 -0500, Dustin Kirkland wrote: > Ok, then anyone who disagrees with failing the syscall speak up now... > If this is the preferred operation, please say so. Klaus--I, too, am > calling for your input. While it can be one of the configurable options for panic, failing the system call is not enough in all cases. Due to the requirement that the system must not loose audit record, the system must panic, when resources are exhausted. Refer to the linux-audit archive of January 2005. https://www.redhat.com/archives/linux-audit/2005-January/msg00030.html Similar issue was discussed for what to do when audit log is full and what to do when kernel resources are exhausted.