Audit / Netlink slowness
Bernardo Innocenti
bernie at develer.com
Thu Jun 16 02:02:31 UTC 2005
Steve G wrote:
>>"su" connects to a NETLINK_AUDIT socket 3 or 4 times.
>>Each time it does 2 sendto() + recvfrom() operations,
>>with a latency of ~200ms. This adds up to 800ms wasted
>>time.
>
>
> I see a way to get rid of 1 sendto and put it in the error path. This way people
> without audit support (which would be rare for this distro) would get the extra
> sendto. This would solve the common use problem. You really need audit compiled
> in for SE Linux avc messages to be full and complete.
>
> I also see a few *minor* issues in the kernel that might save a couple clock
> cycles, but no magic bullet.
I could use this issue as an excuse to finally learn how
oprofile works. Hopefully I'll be able to provide a
useful clue...
--
// Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/ http://www.develer.com/
More information about the devel
mailing list