Paul Moore
Paul Moore
> Thanks for "Functional Testing and Verification" section in Feature Page Paul. USB disks are good examples of removable devices to trigger new events. Are there any other examples? USB...
@wmealing it has been a while since we spoke about this, but if I remember correctly you were planning on continuing work on this, any progress you can report?
Thanks for the report @Davack. What kernel were you running when you observed this? This is just a guess, but it looks like it is using $CWD in place of...
That's great, thanks @Davack!
Hi @sirotnikov, thanks for taking the time to debug this and write up your findings! I'm still thinking a bit about the problem and what some of our options might...
Hi @sirotnikov, no worries, I think we all understand what it is like to juggle multiple commitments. Why don't you go ahead and work on this, as you are comfortable,...
I suspect this may be an issue with using the shared printk_ratelimit() limiter in audit_printk_skb() and audit_log_lost(); we probably should implement an audit specific rate limit to prevent other subsystems...
Quick follow up, printk_ratelimited() is likely what we want to use as the next step.
> Has this issue been solved by #66 ("BUG: the kernel does not initialize audit before forking PID 1") ? That is obviously a source of potentially missed audit records,...
> What was the setting for audit_backlog_limit on the kernel boot command line? Unknown. This problem was reported to me in person so I don't have any additional information beyond...