Can AUDIT_LIST_RULES causes kthreadd-spam?
Rinat Gadelshin
rgadelsh at gmail.com
Wed May 3 21:14:08 UTC 2023
Hello there =)
My name is Rinat.
I'm a newbie here (at Linux kernel developer community).
My current job is to work with audit subsystem on different
versions of Linux (and different kernel versions from 3.10 to the latest)
with and without auditd.
My program works behalf of root account and uses netlink
(unicast or multicast depends of the kernel's version)
to communicate with audit subsystem of the kernel.
If actual audit rule list has been changed
then my program should restore the configured audit rule list.
To do it the program periodically (with 60 seconds interval)
requests the actual rule list be sending AUDIT_LIST_RULES.
All rules are receiving perfectly.
But I've noticed that there are many (2K+ for 5 minutes test)
kthreadd process have been spawned after that request
(I've stubbed the poll code and compare logs).
Please, can you point me, what can I do to avoid this kthreadd-spam.
Thank you.
Best regards
Rinath
More information about the Linux-audit
mailing list