Keep in mind that the CAPP audit requirements are fairly independent from
the SELinux uses of the audit subsystem.
CAPP requires that specific actions don't complete if they can't be
audited, and those events will in general occur from a syscall context
where a sleep should not be a problem.
The events generated by SELinux are not required by CAPP, and it's not a
problem for CAPP compliance if those messages get discarded if there is
no room for them and the kernel can't sleep.
Things get more complicated if you're looking at an LSPP system with
SELinux being responsible for audit events related to labels which aren't
optional.
-Klaus
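The trade-off in this thread (block in audit_log_start on disk full so CAPP-required actions cannot complete unaudited, versus never sleeping when SELinux calls in from hard irq or with locks held) can be written down as a small decision model. The following is an added user-space C example, not code from the thread, the kernel or its audit subsystem; the enum names, the struct, the `audit_log_start_model`, `audit_disk_full_reset`, `decide` and `run_scenario` functions are all constructed for illustration, as is the scenario they run.

```c
#include <stdbool.h>
#include <stdio.h>

/* Whether the caller may sleep: syscall context normally may, a hard-irq
 * handler (e.g. file_send_sigiotask) or a caller holding a spinlock may not. */
enum audit_ctx { AUDIT_CTX_SLEEPABLE, AUDIT_CTX_ATOMIC };

/* Whether CAPP requires the record (the action must not complete without it)
 * or it is an optional one, such as the messages SELinux generates. */
enum audit_class { AUDIT_CLASS_CAPP, AUDIT_CLASS_OPTIONAL };

enum audit_result {
    AUDIT_LOGGED,      /* record accepted */
    AUDIT_BLOCKED,     /* caller parked until disk_full_flag is reset */
    AUDIT_DISCARDED,   /* optional record dropped, counted as lost */
    AUDIT_DENY_ACTION  /* required record, cannot wait: caller must fail the action */
};

/* Constructed bookkeeping; not the kernel's real audit state. */
struct audit_state {
    bool disk_full_flag;   /* set by auditd on disk full, reset by auditd/auditctl */
    unsigned long queued;  /* callers currently parked on the wait queue */
    unsigned long woken;   /* callers released by a reset */
    unsigned long lost;    /* optional records discarded in atomic context */
    unsigned long denied;  /* required records refused in atomic context */
};

enum audit_result audit_log_start_model(struct audit_state *st,
                                        enum audit_ctx ctx,
                                        enum audit_class cls)
{
    if (!st->disk_full_flag)
        return AUDIT_LOGGED;

    if (ctx == AUDIT_CTX_SLEEPABLE) {
        /* The wait-queue scheme: sleep until the flag is cleared.
         * Safe only because this caller is allowed to block. */
        st->queued++;
        return AUDIT_BLOCKED;
    }

    /* Atomic context: sleeping is not an option, so never wait here. */
    if (cls == AUDIT_CLASS_OPTIONAL) {
        /* Dropping a non-CAPP record is acceptable; account for it so the
         * loss is visible rather than silent. */
        st->lost++;
        return AUDIT_DISCARDED;
    }

    /* A CAPP-required record that can neither be written nor waited for:
     * fail closed, the audited action must not complete. */
    st->denied++;
    return AUDIT_DENY_ACTION;
}

/* auditd or auditctl clearing the flag wakes every parked caller.
 * Returns how many were released. */
unsigned long audit_disk_full_reset(struct audit_state *st)
{
    unsigned long released = st->queued;
    st->disk_full_flag = false;
    st->queued = 0;
    st->woken += released;
    return released;
}

/* Single decision against a fresh state, for inspection. */
enum audit_result decide(bool disk_full, enum audit_ctx ctx, enum audit_class cls)
{
    struct audit_state st = { .disk_full_flag = disk_full };
    return audit_log_start_model(&st, ctx, cls);
}

/* Constructed scenario: disk is full, four callers arrive, then the flag is
 * reset. Returns the final counters. */
struct audit_state run_scenario(void)
{
    struct audit_state st = { .disk_full_flag = true };

    /* syscall-context action that CAPP requires to be audited: parks */
    audit_log_start_model(&st, AUDIT_CTX_SLEEPABLE, AUDIT_CLASS_CAPP);
    /* SELinux record from hard irq: dropped and counted */
    audit_log_start_model(&st, AUDIT_CTX_ATOMIC, AUDIT_CLASS_OPTIONAL);
    /* SELinux record from syscall context: may sleep, so it parks too */
    audit_log_start_model(&st, AUDIT_CTX_SLEEPABLE, AUDIT_CLASS_OPTIONAL);
    /* the awkward case: required record while a lock is held: action refused */
    audit_log_start_model(&st, AUDIT_CTX_ATOMIC, AUDIT_CLASS_CAPP);

    audit_disk_full_reset(&st);
    return st;
}

int main(void)
{
    struct audit_state st = run_scenario();
    printf("woken=%lu lost=%lu denied=%lu disk_full=%d\n",
           st.woken, st.lost, st.denied, (int)st.disk_full_flag);
    return 0;
}
```

The point the model makes explicit is that the decision needs two inputs, not one: whether the caller may sleep, and whether the record is one the policy forbids losing. Only the sleepable case can use the wait queue; an atomic caller must either drop (and count) an optional record or refuse the action for a required one.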
On Wed, Dec 15, 2004 at 11:48:25AM -0600, Mounir Bsaibes wrote:
On Tue, 2004-12-14 at 17:06, Mounir Bsaibes wrote:
> What I have currently: on disk full, auditd will notify the kernel,
> which sets a flag "disk_full_flag". During audit_log_start, if the
> disk_full_flag is set, the process will be queued in a wait queue until
> auditd or auditctl resets the disk_full_flag.
> I can provide more details if needed. This is the general method I am
> going to use to cover this CAPP requirement.
> Mounir
SELinux calls the audit subsystem from hard irq (e.g.
file_send_sigiotask) and at times when kernel locks are held.
So what is a better solution, just kill the process?
I have changed the subject of this reply to make it more meaningful to
this discussion and to separate it from the audit in vfs discussion.
Mounir Bsaibes
Linux Security
Tel: (512) 838-1301
Cell: (512) 762-9957
Fax: (512) 838-8858
e-mail: bsaibes(a)us.ibm.com
From: Stephen Smalley <sds(a)epoch.ncsc.mil> (sent by linux-audit-bounces(a)redhat.com)
Date: 12/15/2004 10:08 AM
To: Linux Audit Discussion <linux-audit(a)redhat.com>
Subject: Re: best way to audit in vfs
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit