[PATCH] fix some performance gaps in Xace
Eamon Walsh
ewalsh at tycho.nsa.gov
Mon Nov 5 10:39:52 PST 2007
Alan Coopersmith wrote:
> Eamon Walsh wrote:
>> Arjan van de Ven wrote:
>>> This is only a conversion of three of the hooks; I would suggest doing
>>> all of them this way
>>> and getting rid of the generic multiplexer entirely... but I'd like
>>> input on that from the maintainer
>>> (who might even be motivated to do that... for me .. with this the
>>> performance thing is solved ;)
>> The audit_begin and audit_end hooks are really only there for trusted
>> solaris. Now that there are DTRACE wrappers in that very same place I'm
>> considering deprecating those hooks. But for now I'll just apply the
>> patch (with the camel-case names suggested)
>
> The DTrace probe points serve a different purpose and can't replace the
> auditing hooks. I am surprised that no other secure environments need
> auditing though - I would have thought it was a common requirement.
>
They do, but it would be nice if it were handled through a separate
auditing framework dedicated to that purpose (which is what I thought
the DTrace stuff was for - I do see changes to the "auditTrailLevel"
logic in the DTrace patch). But the hooks will stay then, until such a
framework becomes available.
--
Eamon Walsh <ewalsh at tycho.nsa.gov>
National Security Agency
More information about the xorg
mailing list