openstack
/
openstack-ansible-security
Code Issues Proposed changes
openstack-ansible-security/doc/source/developer-notes/V-38543.rst

445 B
Raw Blame History

Exception

The audit rules which monitor chmod, fchmod, and fchmodat syscalls can cause high CPU and I/O load during OpenStack-Ansible deployments and while updating packages with apt. By default, these rules are disabled.

These audit rules can be enabled by setting any of the following variables:

security_audit_DAC_chmod: yes
security_audit_DAC_fchmod: yes
security_audit_DAC_fchmodat: yes