[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: announce: readahead-1.4



>  >  The code is not tested with FC7, because libauparse (from
>  >  audit-libs-devel) is broken in FC7 now.

Right, audit 1.5 should be out soon and has the hidden variable problem fixed. If
you link statically, I don't think there is a problem. Never-the-less 1.5 will be
out soon.

>I don't have any numbers (yet), but I expect that audit rules for all
> open(), stat(), ... have a negative performance impact for kernel.

Yes, they do have an impact. But depending on what's needed, they can probably be
combined to 1 rule.

> The second problem is that auditd removes all rules during start up.

That can be fixed if we needed to.

> I think for FC7 it's fine keep it for advanced uses only. I hope we will
> found a way how integrate the collector to distro.

Actually, I think we could probably fix this too, but may need some time to
address a couple kernel problems that this would impose. We might want to change
the audit rule evaluation strategy to do all rules rather than first match. This
is so that the rules for boot monitoring won't interfere with rules for security
monitoring. There might be a few other tweaks, too.

-Steve


 
____________________________________________________________________________________
It's here! Your new message!  
Get new email alerts with the free Yahoo! Toolbar.
http://tools.search.yahoo.com/toolbar/features/mail/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]