On Monday 11 April 2005 12:32, David Woodhouse wrote:
... contains Chris' version of Steve's fix for
audit_log_drain(), and my
thinko in the auditfs patch fixed so the hook in permission() should
work on all file systems.
I just tested this latest kernel. It seems to handle Kris's problem much
better. I would be interested in getting feedback. Now that we are fully
using the backlog buffer, does that solve the problem? There's 2 more fixups
that we can make depending on what the feedback is.
On another note...I still don't see any shutdown messages:
[root@endeavor audit-rec]# /etc/rc.d/init.d/auditd restart
Stopping auditd: [ OK ]
Starting auditd: [ OK ]
From /var/log/messages:
Apr 11 13:37:55 localhost auditd[2766]:
The audit daemon is exiting.
Apr 11 13:37:55 localhost kernel: audit(1113241075.473:0): audit_pid=0
old=2766 by auid 4325
Apr 11 13:37:56 localhost auditd[2831]: Init complete, audit pid set to: 2831
From /var/log/audit/audit.log
type=DAEMON msg=auditd(1113241075)
auditd normal halt, pid=2766, uid=0
type=DAEMON msg=auditd(1113241076) auditd start, ver=0.7, format=raw,
pid=2831, uid=0
type=KERNEL msg=audit(1113241076.797:0): audit_enabled=1 old=1 by auid 4325
type=KERNEL msg=audit(1113241077.001:0): audit_backlog_limit=1024 old=1024 by
auid 4325
[root@endeavor ~]# uname -a
Linux endeavor 2.6.9-5.0.3.EL.audit.20 #1 Mon Apr 11 09:31:57 EDT 2005 i686
athlon i386 GNU/Linux
This is using the 686 kernel.
-Steve