Kernel runtime security instrumentation
Kernel runtime security instrumentation
Posted Sep 7, 2019 22:17 UTC (Sat) by kpsingh (subscriber, #112411)In reply to: Kernel runtime security instrumentation by Cyberax
Parent article: Kernel runtime security instrumentation
> We are doing performance comparisons and it's not.
> Then improve it. Translate audit rules into BPF and run them.
> Then improve it. Translate audit rules into BPF and run them.
Feel free to go that route and suggest / make improvements to audit. Audit does not meet our other key requirement of having the MAC and signaling (auditing) possible with a single API, which is something that you are not constrained by (based on your comments)