From mboxrd@z Thu Jan  1 00:00:00 1970
From: Amy Griffis <amy.griffis@hp.com>
Subject: Re: audit 1.2.7 released
Date: Tue, 19 Sep 2006 17:05:30 -0400
Message-ID: <20060919210530.GA20125@fc.hp.com>
References: <200609182013.40133.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k8JL5ndM020938
	for <linux-audit@redhat.com>; Tue, 19 Sep 2006 17:05:50 -0400
Received: from atlrel6.hp.com (atlrel6.hp.com [156.153.255.205])
	by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id k8JL5hX1022421
	for <linux-audit@redhat.com>; Tue, 19 Sep 2006 17:05:43 -0400
Received: from smtp2.fc.hp.com (smtp-test.fc.hp.com [15.11.136.114])
	by atlrel6.hp.com (Postfix) with ESMTP id 6AADE3830D
	for <linux-audit@redhat.com>; Tue, 19 Sep 2006 17:05:38 -0400 (EDT)
Received: from ldl.fc.hp.com (linux-bugs.fc.hp.com [15.11.146.30])
	by smtp2.fc.hp.com (Postfix) with ESMTP id 3E29B72E78
	for <linux-audit@redhat.com>; Tue, 19 Sep 2006 21:05:38 +0000 (UTC)
Received: from localhost (ldl.lart [127.0.0.1])
	by ldl.fc.hp.com (Postfix) with ESMTP id 19D6E134149
	for <linux-audit@redhat.com>; Tue, 19 Sep 2006 15:05:38 -0600 (MDT)
Received: from ldl.fc.hp.com ([127.0.0.1])
	by localhost (ldl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 14176-01 for <linux-audit@redhat.com>;
	Tue, 19 Sep 2006 15:05:34 -0600 (MDT)
Content-Disposition: inline
In-Reply-To: <200609182013.40133.sgrubb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Steve Grubb wrote:  [Mon Sep 18 2006, 08:13:40PM EDT]
> Please let me know if there are any problems with this release.

I'm seeing some truncated audit records, e.g.

type=DAEMON_END msg=audit(1158669003.740:6165) auditd normal halt,
sending auid=1001 pid=32268 subj=user_u:system_r:initrc_t:s0 res=suc

which should continue with something like

cess, auditd pid=6785

There are some static buffer sizes in auditd.c that look way too small
given that libselinux defines the max context size as

#define DEFAULT_CONTEXT_SIZE 255

I think this is an existing problem, and not new to 1.2.7.

Thanks,
Amy