summaryrefslogtreecommitdiff
path: root/include/uapi
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2016-11-29 16:53:25 -0500
committerPaul Moore <paul@paul-moore.com>2016-12-14 13:06:04 -0500
commitc6480207fdf7b61de216ee23e93eac0a6878fa74 (patch)
tree30f4f77634a5564c6a7adbd5d953ba9ffc207769 /include/uapi
parentaf8b824f283de5acc9b9ae8dbb60e4adacff721b (diff)
audit: rework the audit queue handling
The audit record backlog queue has always been a bit of a mess, and the moving the multicast send into kauditd_thread() from audit_log_end() only makes things worse. This patch attempts to fix the backlog queue with a better design that should hold up better under load and have less of a performance impact at syscall invocation time. While it looks like there is a log going on in this patch, the main change is the move from a single backlog queue to three queues: * A queue for holding records generated from audit_log_end() that haven't been consumed by kauditd_thread() (audit_queue). * A queue for holding records that have been sent via multicast but had a temporary failure when sending via unicast and need a resend (audit_retry_queue). * A queue for holding records that haven't been sent via unicast because no one is listening (audit_hold_queue). Special care is taken in this patch to ensure that the proper record ordering is preserved, e.g. we send everything in the hold queue first, then the retry queue, and finally the main queue. Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/uapi')
0 files changed, 0 insertions, 0 deletions