[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Possible performance bug



> The only problem I see is when audit is re-enabled, we need a way to
> start getting the TIF_SYSCALL_AUDIT flag set again for already
> running processes. For example, suppose apache was of interest and
> audit was disabled. The above code would remove the flag. Then when
> audit is re-enabled, we need to set the flag again. I'm looking for a
> low impact way of doing this. Still thinking.

Does the problem also exist when audit is first enabled?  Amy and I
were talking earlier and it seemed to be the case that when audit is
enabled, only new processes get audited so it would be a general
problem any time a system is booted without audit running, not
just when audit is re-enabled.  Do we have that right?

-- ljk


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]