mirror of
https://github.com/torvalds/linux.git
synced 2024-12-25 12:21:37 +00:00
audit: allow unlimited backlog queue
Since audit can already be disabled by "audit=0" on the kernel boot line, or by the command "auditctl -e 0", it would be more useful to have the audit_backlog_limit set to zero mean effectively unlimited (limited only by system RAM). Acked-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
b6cfee4cce
commit
40c0775e5e
@ -101,7 +101,8 @@ static __u32 audit_nlk_portid;
|
||||
* audit records being dropped. */
|
||||
static int audit_rate_limit;
|
||||
|
||||
/* Number of outstanding audit_buffers allowed. */
|
||||
/* Number of outstanding audit_buffers allowed.
|
||||
* When set to zero, this means unlimited. */
|
||||
static int audit_backlog_limit = 64;
|
||||
#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
|
||||
static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
|
||||
@ -375,7 +376,8 @@ static int audit_set_failure(int state)
|
||||
static void audit_hold_skb(struct sk_buff *skb)
|
||||
{
|
||||
if (audit_default &&
|
||||
skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit)
|
||||
(!audit_backlog_limit ||
|
||||
skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
|
||||
skb_queue_tail(&audit_skb_hold_queue, skb);
|
||||
else
|
||||
kfree_skb(skb);
|
||||
|
Loading…
Reference in New Issue
Block a user