Bug 454452 - RFE: Need for a audit like interface for readahead-collector
RFE: Need for a audit like interface for readahead-collector
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-08 12:05 EDT by Harald Hoyer
Modified: 2008-09-07 05:09 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-07 05:09:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Harald Hoyer 2008-07-08 12:05:16 EDT
To create an adaptive readahead 
http://fedoraproject.org/wiki/Features/30SecondStartup/ReadAheadReloaded
we need a kernel interface to gather information about which files are
open(2)'ed and exec(2)'ed in the boot process. 

In it's current implementation readahead-collector uses the audit kernel
interface. Because the audit team wants the audit interface clean and only be
used by security related messages, we need either a second channel, or a
completely different solution.

Another solution would be systemtap, but this creates the overhead of compiling
a kernel module for every new kernel, which is suboptimal.
Comment 1 Dave Jones 2008-07-08 12:45:13 EDT
I suggest taking this upstream to linux-kernel.  
RFE's in bugzilla don't really work unless you have someone already signed up to
do the implementation.
Comment 2 Chuck Ebbert 2008-07-09 14:59:39 EDT
This could be done as an enhancement to auditd, by having it write out audit
records with a given key to a separate log file.
Comment 3 Harald Hoyer 2008-07-09 15:19:29 EDT
there is no need for a logfile (a logfile would be counterproductive performance
wise)
Comment 4 Chuck Ebbert 2008-07-09 19:27:10 EDT
Then all it needs is for an option to auditd to never log events with a special
key, then use that key for all the audit events used by the readahead collector.

Not sure what the implications are for auditd though.

I assume you are removing all your audit triggers after the system is up and
running...
Comment 5 Harald Hoyer 2008-07-10 04:10:15 EDT
yes, would be cool, but the audit team doesn't "want" these events ever cross
their daemon...
Comment 6 Kyle McMartin 2008-07-10 15:14:42 EDT
How about just hacking a minimilist strace into upstart? I've (somewhat
unfortunately :) become familiar with the guts of strace to feel comfortable
implementing such a thing. Hit me up in email or irc to hash out the details if
this sounds like it would fly.

cheers, Kyle
Comment 7 Harald Hoyer 2008-07-11 03:52:10 EDT
(In reply to comment #6)
> How about just hacking a minimilist strace into upstart? I've (somewhat
> unfortunately :) become familiar with the guts of strace to feel comfortable
> implementing such a thing. Hit me up in email or irc to hash out the details if
> this sounds like it would fly.
> 
> cheers, Kyle

not an option for everydays boot process

Comment 8 Harald Hoyer 2008-09-07 05:09:35 EDT
ok, not needed anymore

Note You need to log in before you can comment on or make changes to this bug.