Re: [Announce] Non Invasive Kernel Monitor for threads/processes

From: Chris Wright
Date: Tue Jun 15 2004 - 20:13:51 EST

Next message: Todd Poynor: "[PATCH] Export pm_suspend"
Previous message: Dona J. Barnett: "Powerful weightloss now available where you are."
In reply to: Sabharwal, Atul: "RE: [Announce] Non Invasive Kernel Monitor for threads/processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Sabharwal, Atul (atul.sabharwal@xxxxxxxxx) wrote:
>
> How does auditing work in the event of a process failure ? There would
> be
> no system call triggered in that case. Also, my initial thoughts are

Correct. Currently the main audit user is selinux, which gets
indication of the process death from LSM.

> that the non-invasive Kmonitor is lesser performance impact when
> compared
> to auditing. I would spend some time developing sample code to confirm
> it.

Yes it's possible, but the audit context is per task, and can be
filtered per task, so overhead should only effect the tasks you care
about.

> I have not looked at the task ornament patch. If you could send me a
> link.

I have nothing more recent than you'll find in google, sorry.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Todd Poynor: "[PATCH] Export pm_suspend"
Previous message: Dona J. Barnett: "Powerful weightloss now available where you are."
In reply to: Sabharwal, Atul: "RE: [Announce] Non Invasive Kernel Monitor for threads/processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]