Hi,
I spent my weekend researching this:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160929
I think I have a solution for the original "I can't log in" problem. There
is a new one, though. It seems that the user space audit messages go to the
screen after login when they don't have an audit daemon running. This leads
to 4 pam state messages immediately on login, messages when you run a trusted
app like passwd, or whenever hwclock runs. This is not desirable.
Looking at the source code in audit.c, kauditd_thread:
printk(KERN_ERR "%s\n", skb->data + NLMSG_SPACE(0));
Do we need the priority level to be that high or should it be either:
1) user adjustable: all messages types same priority
2) only AVC, USER_AVC, & SE_LINUX_ERR get that level - everything else is
LOG_INFO so that syslog can optionally discard the messages
3) both, meaning there are 3 knobs: SE Linux has user adjustable priority, file
system and syscall has a user adjustable priority, and everything else has
another.
I think we've overlooked this minor usability issue. It really is ugly when
there's no audit daemon.
-Steve
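As an added illustration of the knobs proposed in the mail above (not code from the mail, from the kernel's audit.c, or from any audit project), the following user-space model parses a record laid out the way kauditd_thread sees it in skb->data (a netlink header, then the text at NLMSG_SPACE(0)) and picks the printk priority from three adjustable settings, option 3, with option 2 expressed as one setting of those knobs. The record type values are copied from linux/audit.h but defined locally so the file builds without kernel headers; struct nlhdr mirrors the nlmsghdr layout; the names prio_for_type, build_record, render_console_line and prio_knobs are hypothetical, as is the sample record text. Unlike the printk in the mail, the renderer bounds the text by the header's length field instead of trusting a terminating NUL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Record types, values as in linux/audit.h, kept local so this builds
 * without kernel headers (user-space model, not kernel code). */
#define AUDIT_USER          1005
#define AUDIT_USER_AVC      1107
#define AUDIT_SYSCALL       1300
#define AUDIT_PATH          1302
#define AUDIT_AVC           1400
#define AUDIT_SELINUX_ERR   1401

/* printk priority prefixes: KERN_ERR is "<3>", KERN_INFO is "<6>". */
#define PRI_ERR   "<3>"
#define PRI_INFO  "<6>"

/* Same layout as struct nlmsghdr: 16 bytes, 4-byte aligned. */
struct nlhdr {
    uint32_t len;    /* total length, header included */
    uint16_t type;   /* audit record type */
    uint16_t flags;
    uint32_t seq;
    uint32_t pid;
};
#define NLMSG_ALIGNTO    4u
#define NLMSG_ALIGN(n)   (((n) + NLMSG_ALIGNTO - 1u) & ~(NLMSG_ALIGNTO - 1u))
#define NLMSG_HDRSPACE   NLMSG_ALIGN(sizeof(struct nlhdr))  /* == NLMSG_SPACE(0) */

/* Option 3 from the mail: three independently adjustable priorities (hypothetical). */
struct prio_knobs {
    const char *selinux;     /* AVC, USER_AVC, SELINUX_ERR */
    const char *syscall_fs;  /* syscall and filesystem records, 1300..1399 */
    const char *other;       /* everything else, e.g. PAM/USER messages */
};

/* Option 2 from the mail expressed as a setting of the three knobs. */
static const struct prio_knobs option2_knobs = { PRI_ERR, PRI_INFO, PRI_INFO };

static int is_selinux_type(uint16_t t)
{
    return t == AUDIT_AVC || t == AUDIT_USER_AVC || t == AUDIT_SELINUX_ERR;
}

static int is_syscall_fs_type(uint16_t t)
{
    return t >= AUDIT_SYSCALL && t < AUDIT_AVC;
}

const char *prio_for_type(const struct prio_knobs *k, uint16_t type)
{
    if (is_selinux_type(type))
        return k->selinux;
    if (is_syscall_fs_type(type))
        return k->syscall_fs;
    return k->other;
}

/* Lay one record out as it sits in skb->data: header, then the text.
 * Returns bytes written, or 0 if it does not fit. */
size_t build_record(unsigned char *buf, size_t cap, uint16_t type, const char *text)
{
    size_t text_len = strlen(text);
    size_t total = NLMSG_HDRSPACE + text_len;
    struct nlhdr h;

    if (total > cap || total > UINT32_MAX)
        return 0;
    memset(&h, 0, sizeof h);
    h.len = (uint32_t)total;
    h.type = type;
    memcpy(buf, &h, sizeof h);
    memset(buf + sizeof h, 0, NLMSG_HDRSPACE - sizeof h); /* alignment padding, if any */
    memcpy(buf + NLMSG_HDRSPACE, text, text_len);
    return total;
}

/* Produce the console line: priority prefix + text, bounded by the header's
 * length rather than by a NUL. Returns the line length, or -1 if the record
 * is truncated or claims more bytes than were received. */
int render_console_line(const struct prio_knobs *k, const unsigned char *buf, size_t len,
                        char *out, size_t outcap)
{
    struct nlhdr h;
    int text_len, n;

    if (len < NLMSG_HDRSPACE)
        return -1;
    memcpy(&h, buf, sizeof h);
    if (h.len < NLMSG_HDRSPACE || h.len > len)
        return -1;
    text_len = (int)(h.len - NLMSG_HDRSPACE);
    n = snprintf(out, outcap, "%s%.*s", prio_for_type(k, h.type),
                 text_len, (const char *)buf + NLMSG_HDRSPACE);
    if (n < 0 || (size_t)n >= outcap)
        return -1;
    return n;
}

int main(void)
{
    unsigned char rec[256];
    char line[256];
    /* Constructed sample records, not captured from a real system. */
    size_t n = build_record(rec, sizeof rec, AUDIT_USER,
                            "pam_unix(login:session): session opened for user root");
    if (n && render_console_line(&option2_knobs, rec, n, line, sizeof line) >= 0)
        puts(line);   /* "<6>..." : a PAM message syslog may discard */
    n = build_record(rec, sizeof rec, AUDIT_AVC, "avc:  denied  { read }");
    if (n && render_console_line(&option2_knobs, rec, n, line, sizeof line) >= 0)
        puts(line);   /* "<3>..." : an AVC keeps KERN_ERR */
    return 0;
}
```

Under option2_knobs only the three SE Linux types keep KERN_ERR; a PAM record arrives at the console with "<6>" so a syslog rule can drop it, which is the effect the mail is after. Changing any field of the knobs struct is the "user adjustable" part of options 1 and 3.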