Bug 999756
Summary: | audit log queue too small causing messages to be lost before auditd starts | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Richard Guy Briggs <rbriggs> |
Component: | kernel | Assignee: | Richard Guy Briggs <rbriggs> |
Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, marcelo.barbosa, rbriggs |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-01-23 16:17:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Richard Guy Briggs
2013-08-22 04:05:27 UTC
3.7.2-201 is a rather old kernel. F18 is on 3.10.7 now, with 3.10.9 submitted for updates-testing. While it might not matter, you should probably focus on the latest kernel in each release, and I'd recommend fixing this upstream first (and getting it into rawhide that way). (In reply to Josh Boyer from comment #1) > 3.7.2-201 is a rather old kernel. F18 is on 3.10.7 now, with 3.10.9 > submitted for updates-testing. While it might not matter, you should > probably focus on the latest kernel in each release, and I'd recommend > fixing this upstream first (and getting it into rawhide that way). Agreed. I'm patching in upstream. Patch posted upstream as part of patchset to address bz990806 https://lkml.org/lkml/2013/9/18/477 oops, forgot to add other list link: https://www.redhat.com/archives/linux-audit/2013-September/msg00030.html *********** MASS BUG UPDATE ************** We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 18 kernel bugs. Fedora 18 has now been rebased to 3.11.4-101.fc18. Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel. If you have moved on to Fedora 19, and are still experiencing this issue, please change the version to Fedora 19. If you experience different issues, please open a new bug report for those. Issue is still present in f18 and f19 (and upstream). Moving to rawhide and setting keywords so we don't auto-needinfo this. The following upstream patches mostly address this issue: 40c0775 audit: allow unlimited backlog queue 51cc83f audit: add audit_backlog_wait_time configuration option f910fde audit: add kernel set-up parameter to override default backlog limit 7ecf69b audit: efficiency fix 2: request exclusive wait since all need same resource db89731 audit: efficiency fix 1: only wake up if queue shorter than backlog limit ae887e0 audit: make use of remaining sleep time from wait_for_auditd e789e56 audit: reset audit backlog wait time after error recovery One obvious remaining optimization is to start auditd earlier, but this is outside of the scope of the kernel. |