[RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough
David Miller
davem at davemloft.net
Sat Mar 8 06:34:51 UTC 2014
From: Steve Grubb <sgrubb at redhat.com>
Date: Fri, 07 Mar 2014 22:27:28 -0500
> On Friday, March 07, 2014 07:48:01 PM David Miller wrote:
>> From: Eric Paris <eparis at redhat.com>
>> Date: Fri, 07 Mar 2014 17:52:02 -0500
>>
>> > Audit is non-tolerant to failure and loss.
>>
>> Netlink is not a loss-less transport.
>
> Perhaps. But in all our testing over the years its been very good.
What I really meant by that was that there is flow control.
You can push as much data reliably over it as you want, but you have
to block when the socket limits are hit.
And I'd say you might as well make the creator of the event do the
blocking rather than making other threads do this.
More information about the Linux-audit
mailing list