On Wed, May 3, 2023 at 5:14 PM Rinat Gadelshin <rgade...@gmail.com> wrote: > Hello there =) > > My name is Rinat. > I'm a newbie here (at Linux kernel developer community). > > My current job is to work with audit subsystem on different > versions of Linux (and different kernel versions from 3.10 to the latest) > with and without auditd. > > My program works behalf of root account and uses netlink > (unicast or multicast depends of the kernel's version) > to communicate with audit subsystem of the kernel. > > If actual audit rule list has been changed > then my program should restore the configured audit rule list. > > To do it the program periodically (with 60 seconds interval) > requests the actual rule list be sending AUDIT_LIST_RULES. > > All rules are receiving perfectly. > > But I've noticed that there are many (2K+ for 5 minutes test) > kthreadd process have been spawned after that request > (I've stubbed the poll code and compare logs).
Hi Rinat, First, a quick note that audit discussions involving the upstream Linux Kernel have moved to the au...@vger.kernel.org list (CC'd), please direct future emails there. Can you be more specific about the kernel threads you are seeing, are you seeing multiple "kauditd" threads? % ps -fC kauditd UID PID PPID C STIME TTY TIME CMD root 89 2 0 Apr28 ? 00:00:00 [kauditd] > Please, can you point me, what can I do to avoid this kthreadd-spam. > > Thank you. > > Best regards > Rinath -- paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
