Arjan van de Ven wrote:
On Wed, 2006-03-22 at 22:58 +0800, Yi Yang wrote:
This patch implements a new connector, Filesystem Event Connector,
the user can monitor filesystem activities via it, currently, it
can monitor access, attribute change, open, create, modify, delete,
move and close of any file or directory.
how is this not redundant functionality with the audit subsystem ?
If you open Audit option, audit subsystem will audit all the syscalls,
so it adds big overhead for the whole system,
but Filesystem Event Connector just concerns those operations related to
the filesystem, so it has little overhead,
moreover, audit subsystem is a complicated function block, it not only
sends audit results to netlink interface, but also
send them to klog or syslog, so it will add big overhead.
I think you can look File Event Connector as subset of audit subsystem,
but File Event Connector is a very lightweight
subsystem.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]