[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Auditing io_uring

Auditing io_uring

Posted Jun 3, 2021 20:46 UTC (Thu) by JanC_ (guest, #34940)
In reply to: Auditing io_uring by willy
Parent article: Auditing io_uring

But how many would need both hyper-detailed audit support and hyper-fast I/O?

to post comments

Auditing io_uring

Posted Jun 3, 2021 20:50 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (2 responses)

A database server with important information might want fast IO and good security/auditing support.

Auditing io_uring

Posted Jun 3, 2021 22:05 UTC (Thu) by andresfreund (subscriber, #69562) [Link] (1 responses)

Seems unlikely that kernel level audit support for individual read/write operations would be useful for a database server. The audit information wouldn't contain enough context (which client, how did they authorize, what statement), and the audit operations would often end up far from the user actions due to the database buffer pools. Including IO potentially happening in different processes/threads from the user action.

Auditing io_uring

Posted Jun 3, 2021 23:04 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Typically you want audit for other stuff, to detect and trace intrusions into the overall system.

Auditing io_uring

Posted Jun 14, 2021 0:27 UTC (Mon) by bartoc (guest, #124262) [Link]

a huge percentage of users. SELinux depends on AUDIT, and basically all managed linux systems have that on. All Fedora, Red Hat, and Ubuntu systems have either SELinux or AppArmor turned on by default, with various levels of enforcement and permissiveness in their settings.

I doubt anyone really needs audit support for async reads and writes but lacking file open and close operations would add a pretty trivial way around selinux.

Further the whole point of selinux is defense in depth should some application get compromised, and there are lots of applications that are network accessible and require fast IO, or want async IO that has the model of io_uring.

Auditing io_uring

Posted Jun 14, 2021 16:18 UTC (Mon) by flussence (guest, #85566) [Link]

If it were possible to have both at the same time, MS Windows probably wouldn't be as miserably slow as it is with active antivirus scanners that intercept file ops. That's a problem they've been saddled with for an extremely long time and not for lack of resources.

Auditing io_uring

Posted Jun 21, 2021 0:23 UTC (Mon) by roblucid (guest, #48964) [Link]

Someone who wants auditting won't be happy if it can be circumvented using different system calls.
Everyone cares about performance sometimes, even those audit crazy types, so the best solution is to make auditting low over head.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds