Hi team,
I was working on leveraging the libaudit shared library to generate audit events from a user space daemon. I have been using the audit_open as well as audit_log_acct_message() API’s to send message to the kernel audit subsystem. From the man pages I understand that every message to the kernel audit subsystem would get an ACK back. Now my question is does the daemon[single threaded] consuming this libaudit for sending events using audit_log_acct_message() API be blocked until it gets an ACK back from the kernel ? If yes , is there a way to not have the application blocked during this period ? Thanks, Manoj
-- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit