Ubuntu already improved their boot time
Erich Schubert
erich.schubert at gmail.com
Thu Sep 1 00:26:48 UTC 2005
Hi,
> No... but good idea, can you have multiple audit's monitoring at the
> same time?
Probably. It's a kernel netlink socket.
But the configuration is not per listener, but for all, so if one
decides it's finished it'll disable the auditing for all of them. So
it's more of experimental nature, if anyone wants to make a readahead
list for his system.
Also it requires root privileges, I guess inotify doesn't.
One of the things I wanted with audit, which unfortunately did not
work (maybe it's fixed or added by now) is to filter out accesses by
filesystem. Accesses to /proc really flooded my logs, and caused
dropped messages on the netlink socket!
> Use a memory mapped file when scanning, I find that practical when
> parsing simple files anyway.
I do that, but I need to have 0-terminated strings for the filenames,
so I need to copy them to a buffer and make them 0-terminated. That is
exactly the memcpy I do.
best regards,
Erich Schubert
--
erich@(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
To understand recursion you first need to understand recursion. //\
Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für V_/_
eine Stunde wie eine Heimat aus. --- Herrmann Hesse
More information about the initscripts-ng-devel
mailing list