Re: Possible performance bug
On Friday 09 September 2005 17:09, Linda Knippers wrote:
Amy and I were talking earlier and it seemed to be the case that when
audit
is enabled, only new processes get audited so it would be a general
problem any time a system is booted without audit running, not
just when audit is re-enabled. Do we have that right?
I think so. The audit daemon is started pretty early so I don't think its a
huge problems. But to be sure, you could always add the audit=1 boot
parameter and it should catch everything.
I think we need to fix this going forward. The boot param is a workaround for
already released kernels.
-Steve