Re: [PATCH lazy audit

[James Antill <james.antill@redhat.com>]

[-- Attachment #1.1: Type: text/plain, Size: 1687 bytes --]

On Tue, 2006-08-01 at 11:22 -0400, Alexander Viro wrote:
> 	Killing audit overhead in case when no rules are loaded.  More detailed
> log (this is a composite of patch series from audit git tree, see audit.b23..
> lspp.b23 in there for individual changesets):


> [PATCH] introduce audit rules counter
> [PATCH] mark context of syscall entered with no rules as dummy
> [PATCH] don't bother with aux entires for dummy context
> [PATCH] take filling ->pid, etc. out of audit_get_context()
>     move that stuff downstream and into the only branch where it'll be
>     used.
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index 0ab26cb..55a1312 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -159,7 +159,7 @@ char * getname(const char __user * filen
>  #ifdef CONFIG_AUDITSYSCALL
>  void putname(const char *name)
>  {
> -	if (unlikely(current->audit_context))
> +	if (unlikely(!audit_dummy_context()))
>  		audit_putname(name);
>  	else
>  		__putname(name);
[...]
> +extern int audit_n_rules;
>  #else
>  #define audit_alloc(t) ({ 0; })
>  #define audit_free(t) do { ; } while (0)
>  #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
>  #define audit_syscall_exit(f,r) do { ; } while (0)
> +#define audit_dummy_context() 0
>  #define audit_getname(n) do { ; } while (0)
>  #define audit_putname(n) do { ; } while (0)
>  #define __audit_inode(n,i) do { ; } while (0)

 This should be:

+#define audit_dummy_context() 1

...no?

-- 
James Antill - <james.antill@redhat.com>
setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...);
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...);
setsockopt(fd, SOL_SOCKET,  SO_ATTACH_FILTER, ...);


[-- Attachment #1.2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]