diff options
author | Paul Moore <paul@paul-moore.com> | 2016-11-29 16:53:25 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-12-14 13:06:04 -0500 |
commit | c6480207fdf7b61de216ee23e93eac0a6878fa74 (patch) | |
tree | 30f4f77634a5564c6a7adbd5d953ba9ffc207769 /include/uapi | |
parent | af8b824f283de5acc9b9ae8dbb60e4adacff721b (diff) |
audit: rework the audit queue handling
The audit record backlog queue has always been a bit of a mess, and
the moving the multicast send into kauditd_thread() from
audit_log_end() only makes things worse. This patch attempts to fix
the backlog queue with a better design that should hold up better
under load and have less of a performance impact at syscall
invocation time.
While it looks like there is a log going on in this patch, the main
change is the move from a single backlog queue to three queues:
* A queue for holding records generated from audit_log_end() that
haven't been consumed by kauditd_thread() (audit_queue).
* A queue for holding records that have been sent via multicast but
had a temporary failure when sending via unicast and need a resend
(audit_retry_queue).
* A queue for holding records that haven't been sent via unicast
because no one is listening (audit_hold_queue).
Special care is taken in this patch to ensure that the proper
record ordering is preserved, e.g. we send everything in the hold
queue first, then the retry queue, and finally the main queue.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/uapi')
0 files changed, 0 insertions, 0 deletions