Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments

From: Miroslav Lichvar
Date: Mon Aug 27 2018 - 03:50:31 EST

Next message: Borislav Petkov: "Re: [PATCH] x86/microcode: allow non-root reading of microcode version and processor flags"
Previous message: Peter Zijlstra: "Re: [PATCH 3/4] mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE"
In reply to: Ondrej Mosnacek: "Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments"
Next in thread: Ondrej Mosnacek: "Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 24, 2018 at 02:00:00PM +0200, Ondrej Mosnacek wrote:
> This patch adds two auxiliary record types that will be used to annotate
> the adjtimex SYSCALL records with the NTP/timekeeping values that have
> been changed.

It seems the "adjust" function intentionally logs also calls/modes
that don't actually change anything. Can you please explain it a bit
in the message?

NTP/PTP daemons typically don't read the adjtimex values in a normal
operation and overwrite them on each update, even if they don't
change. If the audit function checked that oldval != newval, the
number of messages would be reduced and it might be easier to follow.

--
Miroslav Lichvar

Next message: Borislav Petkov: "Re: [PATCH] x86/microcode: allow non-root reading of microcode version and processor flags"
Previous message: Peter Zijlstra: "Re: [PATCH 3/4] mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE"
In reply to: Ondrej Mosnacek: "Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments"
Next in thread: Ondrej Mosnacek: "Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]