From: Eric Paris <eparis@redhat.com>
To: Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 1/7] audit: convert audit watches to use fsnotify instead of inotify
Date: Tue, 16 Jun 2009 11:43:58 -0400 [thread overview]
Message-ID: <1245167038.2848.25.camel@localhost.localdomain> (raw)
In-Reply-To: <1245165908.4771.2.camel@klausk.localdomain>
On Tue, 2009-06-16 at 12:25 -0300, Klaus Heinrich Kiwi wrote:
> On Fri, 2009-06-12 at 16:31 -0400, Eric Paris wrote:
> > Audit currently uses inotify to pin inodes in core and to detect when
> > watched inodes are deleted or unmounted. This patch uses fsnotify instead
> > of inotify.
> >
> > Signed-off-by: Eric Paris <eparis@redhat.com>
>
> Sorry for being lazy and not googling around, but what changes between
> inotify and fsnotify, specially in terms of filesystem auditing? Is
> there any performance/features/usability changes?
Basically, none. fsnotify is a new infrastructure on which inotify and
dnotify have been implemented. It is generic, much like the inotify.c
(as opposed to inotify_user.c) was supposed to be. But fsnotify is more
generic and better thought out.
The main drivers for fsnotify are:
1. smaller struct inode
2. equal performance (actually slightly better since we don't have to
run inotify and dnotify every time)
3. significantly better locking and object lifetime (see how much more
simple the audit watch locking gets with fsnotify in the next couple
patches?)
Note that audit watches don't use inotify to do any of the actual
auditing. They just use inotify to discover the watched files were
created or removed. So we weren't using much of the inotify feature
set.
So this patch does little but get me one step closing to kicking
inotify.c out of the kernel
-Eric
next prev parent reply other threads:[~2009-06-16 15:43 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-12 20:31 [PATCH 1/7] audit: convert audit watches to use fsnotify instead of inotify Eric Paris
2009-06-12 20:32 ` [PATCH 2/7] audit: redo audit watch locking and refcnt in light of fsnotify Eric Paris
2009-06-12 20:32 ` [PATCH 3/7] audit: do not get and put just to free a watch Eric Paris
2009-06-12 20:32 ` [PATCH 4/7] fsnotify: duplicate fsnotify_mark_entry data between 2 marks Eric Paris
2009-06-12 20:32 ` [PATCH 5/7] fsnotify: allow addition of duplicate fsnotify marks Eric Paris
2009-06-12 20:32 ` [PATCH 6/7] audit: reimplement audit_trees using fsnotify rather than inotify Eric Paris
2009-06-12 20:32 ` [PATCH 7/7] audit: move audit to a subdirectory Eric Paris
2009-06-16 15:25 ` [PATCH 1/7] audit: convert audit watches to use fsnotify instead of inotify Klaus Heinrich Kiwi
2009-06-16 15:43 ` Eric Paris [this message]
2009-06-16 16:09 ` Klaus Heinrich Kiwi
2009-06-19 21:03 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1245167038.2848.25.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=klausk@linux.vnet.ibm.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox