From: Stephen Smalley <sds@tycho.nsa.gov>
To: "Spector, Aaron" <Aaron_Spector@mcafee.com>,
"SELinux (selinux@tycho.nsa.gov)" <selinux@tycho.nsa.gov>,
"Paul Moore (paul@paul-moore.com)" <paul@paul-moore.com>
Subject: Re: Switching to enforcing mode introduces new policy issues?
Date: Fri, 24 Apr 2015 12:36:26 -0400 [thread overview]
Message-ID: <553A710A.80804@tycho.nsa.gov> (raw)
In-Reply-To: <553A7050.3050208@tycho.nsa.gov>
On 04/24/2015 12:33 PM, Stephen Smalley wrote:
> On 04/24/2015 12:30 PM, Spector, Aaron wrote:
>> Correct, I'm not running auditd.
>>
>> Is it worth removing the printk_ratelimit call in audit_printk_skb() in audit.c for experimentation purposes? Just let it printk all the audits and if it rolls over, oh well?
>
> Sure.
We actually do that in our kernel trees for Android policy development, e.g.
https://bitbucket.org/seandroid/kernel-msm/commits/0388e1630648c481e42929135babb1dbba272e27
next prev parent reply other threads:[~2015-04-24 16:36 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-23 21:14 Switching to enforcing mode introduces new policy issues? Spector, Aaron
2015-04-23 22:19 ` Paul Moore
2015-04-24 4:12 ` Spector, Aaron
2015-04-24 4:53 ` Gaurav Gangwar
2015-04-24 13:47 ` Spector, Aaron
2015-04-24 12:17 ` Miroslav Grepl
2015-04-24 12:25 ` Stephen Smalley
2015-04-24 15:18 ` Spector, Aaron
2015-04-24 15:27 ` Stephen Smalley
2015-04-24 15:57 ` Spector, Aaron
2015-04-24 16:03 ` Stephen Smalley
2015-04-24 16:05 ` Stephen Smalley
2015-04-24 16:11 ` Stephen Smalley
2015-04-24 16:30 ` Spector, Aaron
2015-04-24 16:33 ` Stephen Smalley
2015-04-24 16:36 ` Stephen Smalley [this message]
2015-04-24 20:37 ` Spector, Aaron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=553A710A.80804@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=Aaron_Spector@mcafee.com \
--cc=paul@paul-moore.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.