Re: [PATCH v2] audit: report audit wait metric in audit status reply
On 2020-12-07 18:28, Steve Grubb wrote:
Hello Max,
On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote:
> Steve, I'm happy to make changes to the userspace PR based on
> Richard's suggestions, if that sounds good to you. I'll follow up in
> the PR to discuss it more
The only issue is new userspace on old kernel. I think if we use both the
configure macro in addition to a size check, then it will at least allow
forward and backward compatibility.
Are you talking about a new userspace compiled on a new kernel header
file run on an old kernel? That would be less reliable and need the
size check. The bitmap would be the most reliable in that scenario.
By configure macro are you talking about the presence of that audit
status mask bit, or the presence of that struct audit_status member?
Other metrics would be good. I'd like to see a max_backlog to
know if we are
wasting memory. It would just record the highwater mark since auditing was
enabled.
That would be covered with this issue:
https://github.com/linux-audit/audit-kernel/issues/63
-Steve
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635