On 12/13/09 11:40, Guido Trentalancia wrote:
Have you tried tuning auditd and its dispatcher which could be audispd ? So for example, try feeding audispd with the following options: q_depth: increase it from its default value (which is 80 on Redhat's recent auditd) priority_boost = 0 Finally, if things don't improve, you could also try: overflow_action = suspend Other than this I don't know how to help. Good luck.
well right now I dont really use auditd i.g. the libraries are there but the daemon is off. (I am not using fedora/redhat). In any case it's not a worry because I can go ahead and add the allow rules, moreover the main issue is the spamming of log message which might/could result in some buffer thing reason for wanting info if there is a mechanism like printk_ratelimit etc.. for Xorg.0.log Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
