aboutsummaryrefslogtreecommitdiff
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorRichard Guy Briggs2013-10-22 13:28:49 -0400
committerEric Paris2014-01-13 22:30:38 -0500
commit40c0775e5ea47667db497565b79a8dc154530992 (patch)
tree882d62ba73b6a4ab80449127cb2060dce64ffe74 /kernel/audit.c
parentb6cfee4cce25d8d2cc06c69f0de2b61d4b2249b3 (diff)
audit: allow unlimited backlog queue
Since audit can already be disabled by "audit=0" on the kernel boot line, or by the command "auditctl -e 0", it would be more useful to have the audit_backlog_limit set to zero mean effectively unlimited (limited only by system RAM). Acked-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 0d4865a50171..72bc1d0d1d0d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -101,7 +101,8 @@ static __u32 audit_nlk_portid;
* audit records being dropped. */
static int audit_rate_limit;
-/* Number of outstanding audit_buffers allowed. */
+/* Number of outstanding audit_buffers allowed.
+ * When set to zero, this means unlimited. */
static int audit_backlog_limit = 64;
#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
@@ -375,7 +376,8 @@ static int audit_set_failure(int state)
static void audit_hold_skb(struct sk_buff *skb)
{
if (audit_default &&
- skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit)
+ (!audit_backlog_limit ||
+ skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
skb_queue_tail(&audit_skb_hold_queue, skb);
else
kfree_skb(skb);