On Fri, 09 May 2008 16:20:44 EDT, Jeremy Leonard said:
-a exit,always -S sched_setparam -S sched_setscheduler -k RULE7
type=SYSCALL msg=audit(04/25/08 16:37:48.568:194518) : arch=i386
syscall=_newselect
OK, I'll bite - why is a select() syscall tripping sched_setparam or
sched_setscheduler?
Or more importantly - are those two cutting audit events for the wrong reasons?
(In other words, should the kernel be doing the "trim it to only user-initiated
changes" that Steve Grubb suggested 'uid>500' as a workaround?)