mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-11-04 04:50:17 +00:00
44cbd38650
Two things to note here: we unfortunately can't just exec audit, because something needs to load the rules in beforehand. Second, it also dies if it can't re-nice itself, so we have to give it CAP_SYS_NICE as well as the audit caps. I didn't add this to the default linuxkit.yml because the linuxkit/audit repo doesn't exist yet, but we should probably (?) do that. Additionally, we should provide the kernel parameter audit=1, otherwise according to auditd's man pages, we can't audit some early tasks. Closes #52 Signed-off-by: Tycho Andersen <tycho@docker.com>
13 lines
239 B
Plaintext
13 lines
239 B
Plaintext
## First rule - delete all
|
|
-D
|
|
|
|
## Increase the buffers to survive stress events.
|
|
## Make this bigger for busy systems
|
|
-b 8192
|
|
|
|
## This determine how long to wait in burst of events
|
|
--backlog_wait_time 0
|
|
|
|
## Set failure mode to syslog
|
|
-f 1
|