From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH V1] audit: add warning that an old auditd may be starved out by a new auditd
Date: Mon, 14 Sep 2015 15:37:56 -0400
Message-ID: <19236209.prUueVMe32@sifl>
References: <5e786f07b6d8a19927c70345c14bd1a452164d38.1441644314.git.rgb@redhat.com> <CAHC9VhQd9pT7uQnL8jGQawmEjQM8YvqkXaqKxFy0KuPWnMOGQA@mail.gmail.com> <20150913160819.GT8140@madcap2.tricolour.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20150913160819.GT8140@madcap2.tricolour.ca>
Sender: linux-kernel-owner@vger.kernel.org
To: Richard Guy Briggs <rgb@redhat.com>
Cc: v.rathor@gmail.com, linux-kernel@vger.kernel.org, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Sunday, September 13, 2015 12:08:19 PM Richard Guy Briggs wrote:
> On 15/09/11, Paul Moore wrote:
> > Although I suppose if nothing else we could send a record indicating
> > that another auditd attempted to replace it ... if we can send it
> > great, drop the new request and be glad we audited it, if we can't
> > send it, reset the auditd tracking.
> 
> This is actually a good idea.

This would go well with your last patch to try harder on netlink send 
failures.  On a related note, with the merge window closed I just rotated the 
audit tree so that patch is now in linux-audit#next.

-- 
paul moore
www.paul-moore.com