Re: [kernel.org users] [KORG] Taking hera down to deal with theload issues

[Mimi Zohar]

On Thu, 2011-08-18 at 22:14 -0700, David Miller wrote:
> From: "J.H." <warthog9@xxxxxxxxxx>
> Date: Wed, 17 Aug 2011 01:05:56 -0700
> 
> > This second kernel is at least, so far, acting a lot closer to what I'd
> > expect from hera, but the disk cache is still filling.  I'm going to
> > keep an eye on it for a bit longer tonight.  As a note, the only
> > difference between the first 3.1-rc1 kernel and the second, that is
> > currently running, was the explicit disabling of IMA and recompiling the
> > kernel.
> 
> I wonder if the IMA bits are generating crypto hashes for every file
> modification done on the machine.

Possibly, but IMA doesn't recalculate the hash for every modification.
Without the boot command line parameter 'ima_tcb', nothing should be
measured.  With 'ima_tcb', only files accessed by root are measured and
then only re-measured, if flushed from the inode cache or has been
marked changed, which occurs on __fput(), not every write.

thanks,

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/