This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: converting audit subsystem to markers for systemtap access
- From: "Frank Ch. Eigler" <fche at redhat dot com>
- To: Steve Grubb <sgrubb at redhat dot com>
- Cc: systemtap at sources dot redhat dot com, dwmw2 at redhat dot com, Alexander Viro <aviro at redhat dot com>
- Date: Sun, 21 Oct 2007 16:54:40 -0400
- Subject: Re: converting audit subsystem to markers for systemtap access
- References: <y0mr6jomlbh.fsf@ton.toronto.redhat.com> <200710211632.09505.sgrubb@redhat.com>
Hi -
On Sun, Oct 21, 2007 at 04:32:08PM -0400, Steve Grubb wrote:
> On Sunday 21 October 2007 13:25:38 Frank Ch. Eigler wrote:
> [...]
> > David/Steve, does this sound interesting enough to explore in code?
>
> Not sure - I've never used systemtap, so I don't know exactly what it does.
(See http://sources.redhat.com/systemtap/documentation.htm.)
> I'd suggest discussing this on linux-audit mail list since this can impact
> our next CC eval and I'm not the one it could impact the most. Please CC Al
> Viro since he's doing the audit kernel work these days.
OK. I omitted linux-audit@ because linux/MAINTAINERS lists it as a
"subscriber-only" mailing list.
> In general, the audit system is not something I'd like to see messed
> with. [...]
Understood. As far as the audit code is concerned, it would add one
layer of function-call indirection, with no behavioral changes at all.
Adopting markers would merely permit other applications to listen in
to the same events too, without having to add more and more hooks.
- FChE