On 14/01/15, Steve Grubb wrote: > On Tuesday, January 14, 2014 05:59:16 PM Richard Guy Briggs wrote: > > Since audit can already be disabled by "audit=0" on the kernel boot line, or > > by the command "auditctl -e 0", it would be more useful to have the > > audit_backlog_limit set to zero mean effectively unlimited (limited only by > > system resources). > > I don't see a useful purpose to this.
That's up to you. On your side it is a documentation question. It is already implemented in the kernel. The rationale I thought was fairly clear. The flexibility is there. A warning would be useful. > -Steve - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
