Commit 40c0775e authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Eric Paris

audit: allow unlimited backlog queue

Since audit can already be disabled by "audit=0" on the kernel boot line, or by
the command "auditctl -e 0", it would be more useful to have the
audit_backlog_limit set to zero mean effectively unlimited (limited only by
system RAM).
Acked-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent b6cfee4c
......@@ -101,7 +101,8 @@ static __u32 audit_nlk_portid;
* audit records being dropped. */
static int audit_rate_limit;
/* Number of outstanding audit_buffers allowed. */
/* Number of outstanding audit_buffers allowed.
* When set to zero, this means unlimited. */
static int audit_backlog_limit = 64;
#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
......@@ -375,7 +376,8 @@ static int audit_set_failure(int state)
static void audit_hold_skb(struct sk_buff *skb)
{
if (audit_default &&
skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit)
(!audit_backlog_limit ||
skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
skb_queue_tail(&audit_skb_hold_queue, skb);
else
kfree_skb(skb);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment