On my laptop, syscall(SYS_getpid) takes 241.65 ns if syscall auditing is on (even with no rules) and and 70-ish ns if syscall auditing is off. On my desktop, getpid takes ~65.5 ns on a default Fedora configuration (I think -- this system has been through a few upgrades), but if I do auditctl -a task,never (which is a hack that Oleg Nesterov rigged up fairly recently), getpid goes down to 40.37 ns. I think that, for users who don't have any manually configured audit rules, running every system call through the system call slow path is a poor tradeoff. Please consider changing the default rules (in /etc/audit/audit.rules or wherever the best place is) to '-a task,never'. Users who configure syscall auditing for real can easily remove that rule and replace it with whatever they want.
See bug 1102403 for some previous discussion.
Moved to here: https://fedorahosted.org/fesco/ticket/1311
But that doesn't really work in general. Meaning that you have to pass it a pid. The easiest and best solution is to just not enable auditing if you don't need it.
Why do I need to pass it a pid? Is there another clean way to disable auditing by default without breaking setroubleshootd?
*** This bug has been marked as a duplicate of bug 1117953 ***