From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH 00/15] Rework tty audit
Date: Sun, 20 Dec 2015 19:39:04 -0500
Message-ID: <4568123.PiWQmDAB4z@sifl>
References: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
	[10.5.110.29])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id tBL0d8rr025549
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Sun, 20 Dec 2015 19:39:08 -0500
Received: from mail-qk0-f195.google.com (mail-qk0-f195.google.com
	[209.85.220.195])
	by mx1.redhat.com (Postfix) with ESMTPS id 1E884461D3
	for <linux-audit@redhat.com>; Mon, 21 Dec 2015 00:39:06 +0000 (UTC)
Received: by mail-qk0-f195.google.com with SMTP id p187so12669230qkd.3
	for <linux-audit@redhat.com>; Sun, 20 Dec 2015 16:39:06 -0800 (PST)
In-Reply-To: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Peter Hurley <peter@hurleysoftware.com>
Cc: Peter Zijlstra <peterz@infradead.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Oleg Nesterov <oleg@redhat.com>, linux-audit@redhat.com, Jiri Slaby <jslaby@suse.cz>, Ingo Molnar <mingo@redhat.com>
List-Id: linux-audit@redhat.com

On Tuesday, November 10, 2015 09:05:45 PM Peter Hurley wrote:
> Hi Greg,
> 
> This patch series overhauls tty audit support. The goal was to simplify
> and speed up tty auditing, which was a significant performance hit even
> when disabled.
> 
> The main features of this series are:
> * Remove reference counting; the purpose of reference counting the per-
>   process tty_audit_buf was to prevent premature deletion if the
>   buffer was in-use when tty auditing was exited for the process.
>   However, since the process is single-threaded at tty_audit_exit(),
>   the buffer cannot be in-use by another thread. Patch 11/15.
> * Remove functionally dead code, such as tty_put_user(). Patch 2/15.
> * Atomically modify tty audit enable/disable flags to support lockless
>   read. Patch 9/15.
> 
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
>     for patch 9/15 which removes an audit field from the signal_struct.
> 
> Cc: Oleg Nesterov <oleg@redhat.com>
>     to confirm my understanding of the single-threadedness of
>     if (group_dead) tty_audit_exit(), called from do_exit(). Patch 11/15
> 
> Requires: "tty: audit: Fix audit source"

This is definitely more of a tty patchset than it is an audit patchset, but it 
all looks reasonable to me from an audit perspective.

-- 
paul moore
www.paul-moore.com