[PATCH] fix some performance gaps in Xace

Eamon Walsh ewalsh at tycho.nsa.gov
Mon Nov 5 10:39:52 PST 2007

Alan Coopersmith wrote:
> Eamon Walsh wrote:
>> Arjan van de Ven wrote:
>>> This is only a conversion of three of the hooks; I would suggest doing 
>>> all of them this way
>>> and getting rid of the generic multiplexer entirely... but I'd like 
>>> input on that from the maintainer
>>> (who might even be motivated to do that... for me .. with this the 
>>> performance thing is solved ;)
>> The audit_begin and audit_end hooks are really only there for trusted 
>> solaris.  Now that there are DTRACE wrappers in that very same place I'm 
>> considering deprecating those hooks.  But for now I'll just apply the 
>> patch (with the camel-case names suggested)
> The DTrace probe points serve a different purpose and can't replace the
> auditing hooks.   I am surprised that no other secure environments need
> auditing though - I would have thought it was a common requirement.

They do, but it would be nice if it were handled through a separate 
auditing framework dedicated to that purpose (which is what I thought 
the DTrace stuff was for - I do see changes to the "auditTrailLevel" 
logic in the DTrace patch).  But the hooks will stay then, until such a 
framework becomes available.

Eamon Walsh <ewalsh at tycho.nsa.gov>
National Security Agency

More information about the xorg mailing list