Discussion Forums: Open Discussion
Search this forum:
Thread Title:TOMOYO audit logs
Subject:[#32887] RE: TOMOYO audit logsBy:Tetsuo Handa (kumaneko)
Thank you for your opinion.
Starting /usr/lib/ccs/ccs-auditd at /sbin/ccs-init would be possible
if /var/ partition is mounted read-write and /usr/ partition is mounted read-only,
but these partitions have to be mounted read-only at that moment
because fsck is called at /etc/rc.d/rc.sysinit .
TOMOYO can hold access logs up to MAX_GRANT_LOG and MAX_REJECT_LOG entries
in the kernel memory so that access logs won't be lost
when these partitions are not ready to write.
Post a followup to message [#32887] RE: TOMOYO audit logs: