On Sun, 2019-07-28 at 10:32 +0200, Holger Marzen wrote:
> On Sun, 28 Jul 2019, Ralf Mardorf wrote:
> > On Sun, 28 Jul 2019 08:40:07 +0200 (CEST), Holger Marzen wrote:
> > > "nohz=off threadirqs noibrs noibpb nopti
> > > nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable
> > > no_stf_barrier mds=off mitigations=off quiet splash"
> > With those spectre mitigations turned off, it still might be of value
> > to disable audit, see
> > https://lists.archlinux.org/pipermail/arch-general/2018-September/045580.ht….
> Can I disable it on the kernel command line if it's compiled in the kernel?
I don't know what exactly the kernel parameter 'audit=0' does; perhaps
it does the job. I also don't know if disabling the spectre mitigations
for newer kernels provides a faster path when disabling audit, let
alone that I'm not sure that even on an old machine without meltdown and
spectre mitigations, but an old kernel with CONFIG_AUDIT disabled, has
got noticeable impact on audio performance. I just build my old kernels
with it disabled in the kernel config. FWIW, those using snaps should
consider keeping audit enabled:
Old:
https://lists.ubuntu.com/archives/snapcraft/2017-January/002219.html
Nowadays:
"Since version 2.36, snapd enabled AppArmor support for Arch Linux. In
order to use it, you have to enable AppArmor in your system, see
AppArmor#Installation.
Note: If AppArmor isn't enabled in your system then all snaps will run
in devel mode which means they will have the same, unrestricted access to
your system as apps installed from Arch Linux repositories." -
https://wiki.archlinux.org/index.php/Snap#Installation
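
An added example, not part of the original message: a POSIX shell check that lists which of the parameters quoted in this thread appear on a kernel command line, and which entries under /sys/devices/system/cpu/vulnerabilities the running kernel reports as vulnerable. The function names, the class labels and the sample line with audit=0 appended are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the command line quoted in the thread, with audit=0
# appended for illustration.
SAMPLE='nohz=off threadirqs noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off quiet splash audit=0'

# Classify the tokens of a kernel command line.
# $1 = command line (defaults to the running kernel's /proc/cmdline).
# Prints one "<class> <token>" line per recognised token.
review_cmdline() {
    cmdline=${1-$(cat /proc/cmdline)}
    printf '%s\n' "$cmdline" | tr -s ' ' '\n' | while read -r tok; do
        case $tok in
            mitigations=off)
                echo "global-off $tok" ;;
            noibrs|noibpb|nopti|nospectre_v1|nospectre_v2|l1tf=off|\
            nospec_store_bypass_disable|no_stf_barrier|mds=off)
                echo "single-off $tok" ;;
            audit=0|audit=off)
                echo "audit-off $tok" ;;
        esac
    done
}

# List what the running kernel itself reports as unmitigated.
# $1 = sysfs directory (a parameter so a saved copy can be inspected).
# Prints "<issue>: <status>" for every entry whose status says Vulnerable.
vulnerable_entries() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        case $status in
            *Vulnerable*) echo "${f##*/}: $status" ;;
        esac
    done
}

review_cmdline "$SAMPLE"
vulnerable_entries
```

Calling `review_cmdline` with no argument reads the booted kernel's own /proc/cmdline instead of the sample.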