Possible performance bug
Steve Grubb
sgrubb at redhat.com
Thu Sep 8 21:56:45 UTC 2005
Hi,
I was looking at the case where a user boots up with audit daemon installed.
It turns on auditing. This means that all processes that fork will start
getting a context built. Then the user decides to do a benchmark and turns
the audit system off by auditctl -e 0.
The system doesn't really get performance back as if auditing was never turned
on. If you look at audit_syscall_exit, there is this check:
if (likely(!context))
goto out;
Don't all the running processes still have a context? Shouldn't this also have
a check that if audit_enabled == 0, that the context is reclaimed and context
set to NULL? What reaps the context for these processes. They all still seem
to be penalized.
-Steve
More information about the Linux-audit
mailing list