From: Steve Grubb <sgrubb@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH V4 0/4] audit by executable name
Date: Tue, 23 Sep 2014 18:11:36 -0400
Message-ID: <11116789.I0FMu89VOf@x2>
In-Reply-To: <20140923043233.GE26201@madcap2.tricolour.ca>

On Tuesday, September 23, 2014 12:32:33 AM Richard Guy Briggs wrote:
> On 14/09/08, Eric Paris wrote:
> > On Mon, 2014-09-08 at 14:53 -0400, Steve Grubb wrote:
> > > On Sunday, August 24, 2014 06:34:04 PM Richard Guy Briggs wrote:
> > > > This is a part of Peter Moody, my and Eric Paris' work to implement
> > > > audit by executable name.
> > >
> > > So, what's the status on this? Is it scheduled for the next upstream
> > > kernel? This is a feature that's been missing for a long time. Many
> > > people will find this useful.
> > >
> > > Also, has anyone beside Richard been testing this?
> >
> > I tested it when I wrote it. But don't know about this patch series.
> > Is that worth anything? :)
>
> Do you still have the test procedure and the results?

The way that we tested other features being added to the kernel was to set up
looping shell scripts that stress the system. Something similar for this
addition would:

add the rule, sleep, delete the rule
list the rule, sleep, list the rules, list the rules
start the app, sleep, term the app

All 3 scripts would loop over and over for hours simultaneously. The idea is
to provoke a race between inserting/deleting/listing rules and actually
recording an event. You are looking for an oops, livelock, deadlock, or some
other noticeable problem. I think Al would let something like this run
overnight before trusting it. The idea is to provoke problems that would affect
normal operation.

-Steve
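
The three loops described in the message above, as an added shell example that is not part of the original e-mail or of the patch series. The `-F exe=` rule syntax, the rule key, the `sleep` target program and the timings are assumptions; `AUDITCTL` can be pointed at a stub for a dry run without root.

```shell
# Added example. Assumed: the "-F exe=" rule syntax, the rule key, the target
# program and the timings. None of these come from the thread.
AUDITCTL=${AUDITCTL:-auditctl}           # point at a stub to dry-run without root
TARGET=${TARGET:-$(command -v sleep)}    # executable the rule names (assumed)
KEY=exe-stress                           # constructed rule key
NAP=${NAP:-1}                            # seconds slept inside each loop

# Script 1: add the rule, sleep, delete the rule.
rule_loop() {
    while [ "$(date +%s)" -lt "$1" ]; do
        "$AUDITCTL" -a always,exit -F exe="$TARGET" -S all -k "$KEY" || return 1
        sleep "$NAP"
        "$AUDITCTL" -d always,exit -F exe="$TARGET" -S all -k "$KEY" || return 1
    done
}

# Script 2: list the rules, sleep, list the rules, list the rules.
list_loop() {
    while [ "$(date +%s)" -lt "$1" ]; do
        "$AUDITCTL" -l >/dev/null || return 1
        sleep "$NAP"
        "$AUDITCTL" -l >/dev/null || return 1
        "$AUDITCTL" -l >/dev/null || return 1
    done
}

# Script 3: start the app, sleep, terminate the app.
app_loop() {
    while [ "$(date +%s)" -lt "$1" ]; do
        "$TARGET" 3600 &
        pid=$!
        sleep "$NAP"
        kill -TERM "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true   # status 143 after SIGTERM is expected
    done
}

# Run all three loops at once for $1 seconds; non-zero if an auditctl call failed.
run_stress() {
    end=$(( $(date +%s) + $1 ))
    rule_loop "$end" & p1=$!
    list_loop "$end" & p2=$!
    app_loop "$end" & p3=$!
    rc=0
    for p in "$p1" "$p2" "$p3"; do wait "$p" || rc=1; done
    return "$rc"
}
if [ "${1:-}" = "--run" ]; then run_stress "${2:-3600}"; fi
```

Run it as root with `--run <seconds>`; a run that never returns is itself a finding, and `dmesg` should be checked for an oops afterwards.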

Thread overview: 9+ messages
2014-08-24 22:34 [PATCH V4 0/4] audit by executable name Richard Guy Briggs
2014-08-24 22:34 ` [PATCH V4 1/4] audit: implement audit by executable Richard Guy Briggs
2014-08-24 22:34 ` [PATCH V4 2/4] audit: clean simple fsnotify implementation Richard Guy Briggs
2014-08-24 22:34 ` [PATCH V4 3/4] audit: convert audit_exe to audit_fsnotify Richard Guy Briggs
2014-08-24 22:34 ` [PATCH V4 4/4] audit: avoid double copying the audit_exe path string Richard Guy Briggs
2014-09-08 18:53 ` [PATCH V4 0/4] audit by executable name Steve Grubb
2014-09-08 19:25 ` Eric Paris
2014-09-23 4:32 ` Richard Guy Briggs
2014-09-23 22:11 ` Steve Grubb [this message]