[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#333834: linux-2.6: Please enabled "audit" support, selinux is pretty much unuseable otherwise.

On Fri, Oct 14, 2005 at 02:12:38PM +0200, Thiemo Seufer wrote:
> Erich Schubert wrote:
> > Hi,
> > > I'm not entirely sure which kernel config option this refers to, could
> > > you dig that up? That not withstanding, your suggestion seems fine to
> > > me, though I would appreciate some feedback from others. I've CCed
> > > Manoj in case he has some oppinions.
> > 
> > CONFIG_AUDIT and CONFIG_AUDIT_SYSCALL.
> > IIRC the latter allows you to disable audit logging from userspace as
> > well as configure where the logs go to (e.g. via netlink to a userspace
> > audit daemon)
> 
> AFAIR CONFIG_AUDIT_SYSCALL was disabled because of its performance
> overhead and limited usefulness. The debian-kernel list archive should
> have some discussion about it.

It was already reenabled for 2.6.13 before this request came in.
Probably by Dilinger or Walidi, perhaps they can comment on the 
performance issue.

-- 
Horms
Reply to: