Date: Mon, 28 Jan 2019 08:34:35 +0000
From: "Sverdlin, Alexander (Nokia - DE/Ulm)" <alexander.sverdlin@...ia.com>
To: Paul Moore <pmoore@...hat.com>, "linux-audit@...hat.com" <linux-audit@...hat.com>, Richard Guy Briggs <rbriggs@...hat.com>
CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Daniel Borkmann <daniel@...earbox.net>, Alexei Starovoitov <ast@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] audit: always enable syscall auditing when supported and audit is enabled

Hello Paul,

On 08/12/2015 17:42, Paul Moore wrote:
> To the best of our knowledge, everyone who enables audit at compile
> time also enables syscall auditing; this patch simplifies the Kconfig
> menus by removing the option to disable syscall auditing when audit
> is selected and the target arch supports it.
>
> Signed-off-by: Paul Moore <pmoore@...hat.com>

This patch is responsible for massive performance degradation for those who used only CONFIG_SECURITY_APPARMOR. And the numbers are, take the following test for instance:

dd if=/dev/zero of=/dev/null count=2M

ARM64: 500MB/s -> 350MB/s
ARM: 400MB/s -> 300MB/s

(with some particular CPU frequencies).

Should we revert this patch?

> ---
> init/Kconfig | 11 +++--------
> 1 file changed, 3 insertions(+), 8 deletions(-)
>
>
> --
> Linux-audit mailing list
> Linux-audit@...hat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
> diff --git a/init/Kconfig b/init/Kconfig
> index c24b6f7..d4663b1 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -299,20 +299,15 @@ config AUDIT > help > Enable auditing infrastructure that can be used with another > kernel subsystem, such as SELinux (which requires this for > - logging of avc messages output). Does not do system-call > - auditing without CONFIG_AUDITSYSCALL. > + logging of avc messages output). System call auditing is included > + on architectures which support it. > > config HAVE_ARCH_AUDITSYSCALL > bool > > config AUDITSYSCALL > - bool "Enable system-call auditing support" > + def_bool y > depends on AUDIT && HAVE_ARCH_AUDITSYSCALL > - default y if SECURITY_SELINUX > - help > - Enable low-overhead system-call auditing infrastructure that > - can be used independently or with another kernel subsystem, > - such as SELinux. > > config AUDIT_WATCH > def_bool y > -- Best regards, Alexander Sverdlin.
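Review bot: the AUDITSYSCALL part of this hunk turns a user-selectable option (`bool "Enable system-call auditing support"` with `default y if SECURITY_SELINUX`) into `def_bool y`, so every AUDIT=y kernel on a HAVE_ARCH_AUDITSYSCALL architecture now carries syscall auditing with no Kconfig way to opt out, and the reply above reports the cost for builds that only use AppArmor (dd throughput 500MB/s -> 350MB/s on ARM64, 400MB/s -> 300MB/s on ARM). If the goal is only to simplify the menus, consider keeping the prompt and raising the default, e.g. `bool "Enable system-call auditing support"` followed by `default y`, so such configurations can still drop it; independently, the new AUDIT help text ("System call auditing is included on architectures which support it.") should mention that this has a per-syscall cost, since the removed AUDITSYSCALL help was the only place that described the option at all.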
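For anyone triaging a regression like the one reported above, the first question is whether the running kernel was built with CONFIG_AUDITSYSCALL (forced on by this patch whenever CONFIG_AUDIT is set) and how the dd test behaves on it. The following script is an added example, not code from this thread or from the kernel tree; the config fragments in it are constructed samples, and it assumes the build config is exposed at /proc/config.gz or /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example: classify a kernel build config by its audit options and
# rerun the dd throughput test quoted in the mail. Not part of the thread.

# audit_kconfig_status CONFIG_TEXT
# Prints one of:
#   syscall-audit  CONFIG_AUDIT=y and CONFIG_AUDITSYSCALL=y (what this patch forces)
#   audit-only     CONFIG_AUDIT=y but CONFIG_AUDITSYSCALL not set (possible before the patch)
#   no-audit       CONFIG_AUDIT not set
audit_kconfig_status() {
    cfg="$1"
    audit=$(printf '%s\n' "$cfg" | grep -E '^CONFIG_AUDIT=' | cut -d= -f2)
    sc=$(printf '%s\n' "$cfg" | grep -E '^CONFIG_AUDITSYSCALL=' | cut -d= -f2)
    if [ "$audit" != "y" ]; then
        echo "no-audit"
    elif [ "$sc" = "y" ]; then
        echo "syscall-audit"
    else
        echo "audit-only"
    fi
}

# load_running_kconfig
# Prints the running kernel's build config from the usual locations
# (assumption: one of them exists); prints nothing otherwise.
load_running_kconfig() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    fi
}

# dd_null_throughput [COUNT]
# Runs the exact test from the mail and prints dd's final summary line,
# which carries the MB/s figure to compare between kernels.
dd_null_throughput() {
    count="${1:-2M}"
    dd if=/dev/zero of=/dev/null count="$count" 2>&1 | tail -n 1
}

# Constructed sample configs (not taken from any real system):
# a pre-patch build with audit but no syscall auditing, as an AppArmor-only
# configuration could have chosen, and a post-patch build where the option
# is forced on.
SAMPLE_BEFORE='CONFIG_AUDIT=y
# CONFIG_AUDITSYSCALL is not set
CONFIG_SECURITY_APPARMOR=y'
SAMPLE_AFTER='CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_SECURITY_APPARMOR=y'

# Invoke as `sh audit_check.sh --check` to inspect the live system:
# prints the classification of the running kernel and the dd result.
if [ "${1:-}" = "--check" ]; then
    running=$(load_running_kconfig)
    if [ -n "$running" ]; then
        echo "running kernel: $(audit_kconfig_status "$running")"
    else
        echo "running kernel: build config not available"
    fi
    echo "dd test: $(dd_null_throughput 2M)"
fi
```

Comparing the classification and the dd line across the two kernels isolates the Kconfig change from other differences; a kernel reporting `syscall-audit` has the auditing code compiled in regardless of whether any audit rules are loaded at runtime.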