Truncated log entries

Stephen Smalley sds at epoch.ncsc.mil
Wed Oct 27 17:26:35 UTC 2004


On Wed, 2004-10-27 at 13:24, Valdis.Kletnieks at vt.edu wrote:
> Are you perchance on an SMP system (which includes a 1-CPU HT)?  There's a few
> race conditions when processes on both/multiple processors printk() at the same
> time.  Other possibility is a burst of traffic wrapped the kernel syslog buffer
> before klogd read it.  On recent kernels, you can tune how big the buffer is at
> kernel build time with CONFIG_LOG_BUF_SHIFT (16 for a 64K buffer, 17 for 128K,
> etc).

SELinux was migrated from using printk to using the kernel audit
framework developed by Red Hat a while back.  We started getting bug
reports about truncated audit messages not long after...

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency



