Hello.
Casey Schaufler wrote:
> There is work required to audit, SELinux, and LSM that will be
> required before Smack or any other module can really use audit
> properly. Smack using audit would be nice, but there are already
> interesting cases that don't require it. I have fixing up audit
> on my todo list, and have made some proposals. It will require
> a group effort between audit, SELinux, Smack, and LSM.
Is there a option to queue audit logs for audit_log_start() ?
I was advised to use auditing subsystem for TOMOYO Linux and I followed the
advise.
But some users complain about the access log flooding on the console when
auditd is not running.
I'm considering /sys/kernel/security/tomoyo/{grant_log,reject_log} interface
because TOMOYO's original interface has queueing feature (to avoid flooding on
the console).
I wish auditing subsystem could suppress printing audit logs when auditd is not
running.
Regards.
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
