1
Commit Graph

4 Commits

Author SHA1 Message Date
Eric Paris
e08b061ec0 Audit: reorganize struct audit_watch to save 8 bytes
pahole showed that struct audit_watch had two holes:

struct audit_watch {
        atomic_t                   count;                /*     0     4 */

        /* XXX 4 bytes hole, try to pack */

        char *                     path;                 /*     8     8 */
        dev_t                      dev;                  /*    16     4 */

        /* XXX 4 bytes hole, try to pack */

        long unsigned int          ino;                  /*    24     8 */
        struct audit_parent *      parent;               /*    32     8 */
        struct list_head           wlist;                /*    40    16 */
        struct list_head           rules;                /*    56    16 */
        /* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */

        /* size: 72, cachelines: 2, members: 7 */
        /* sum members: 64, holes: 2, sum holes: 8 */
        /* last cacheline: 8 bytes */
};      /* definitions: 1 */

by moving dev after count we save 8 bytes,  actually improving cacheline
usage.  There are typically very few of these in the kernel so it won't be
a large savings, but it's a good thing no matter what.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-09-24 03:50:25 -04:00
Eric Paris
9d96098510 Audit: clean up all op= output to include string quoting
A number of places in the audit system we send an op= followed by a string
that includes spaces.  Somehow this works but it's just wrong.  This patch
moves all of those that I could find to be quoted.

Example:

Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
key="number2" list=4 res=0

Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
key="number2" list=4 res=0

Signed-off-by: Eric Paris <eparis@redhat.com>
2009-06-24 00:00:52 -04:00
Eric Paris
35fe4d0b1b Audit: move audit_get_nd completely into audit_watch
audit_get_nd() is only used  by audit_watch and could be more cleanly
implemented by having the audit watch functions call it when needed rather
than making the generic audit rule parsing code deal with those objects.

Signed-off-by: Eric Paris <eparis@redhat.com>
2009-06-23 23:51:05 -04:00
Eric Paris
cfcad62c74 audit: seperate audit inode watches into a subfile
In preparation for converting audit to use fsnotify instead of inotify we
seperate the inode watching code into it's own file.  This is similar to
how the audit tree watching code is already seperated into audit_tree.c

Signed-off-by: Eric Paris <eparis@redhat.com>
2009-06-23 23:50:59 -04:00