Audit buffering and rate limiting
by Sven Vermeulen, post on Sun 10 May 2015
Be it because of SELinux experiments, or through general audit experiments, sometimes you'll run into a message similar to the following:
audit: audit_backlog=321 > audit_backlog_limit=320
audit: audit_lost=44395 audit_rate_limit=0 audit_backlog_limit=320
audit: backlog limit exceeded
The message shows up when certain audit events could not be …
The weird "audit_access" permission
by Sven Vermeulen, post on Sun 19 May 2013
While writing up the posts on capabilities, one thing I had in my mind was to give some additional information on frequently occurring denials, such as the dac_override and dac_read_search capabilities, and when they are triggered. For the DAC-related capabilities, policy developers often notice that these capabilities are triggered without …