Ubuntu already improved their boot time

Wed Aug 31 23:58:06 UTC 2005

Hi,
> I use inotify (needing kernel 2.6.13), the advantage is I will catch
> every file accessed in directories I monitor, the disadvantage is that
> it takes some time to setup monitoring those dirs (need one open on all
> directories, which causes some io wait).

Have you considered using the audit interface? I used that to generate
my readahead-files, actually. I had some race issues, but after some
tweaking (and fixing of some related bugs in the kernel) it now worked
okay.

I'm not sure if I needed a modified auditd. I think I used the unmodified one...
The real big issue with audit is that someone might want to use it for
something else... ;-) So I guess inotify is cleaner. But I'm not sure
about it performance-wise: what will it do when I e.g. list
/usr/share/doc ? or even when the updatedb cronjob kicks in?
Monitoring via /proc might skip these "fast" accesses.

btw, here is my auditd start script:
---
#!/bin/bash
# Boot file access auditing script
MNTDIR=/etc/audit-open/mnt

# mount ramdisk
/bin/mount -n -t tmpfs -o size=32m none $MNTDIR >/dev/null 2>&1
# disable error printk, increase backlog limit
/usr/local/sbin/auditctl -f0
/usr/local/sbin/auditctl -b256
/usr/local/sbin/auditctl -D
# start audit daemon
/usr/local/sbin/auditd
# disable error printk, increase backlog limit
/usr/local/sbin/auditctl -f1
/usr/local/sbin/auditctl -b1024
# log execve and open statements
# log only successful
/usr/local/sbin/auditctl -a entry,always -S execve
/usr/local/sbin/auditctl -a entry,possible -S open
# ignore open access to /proc
/usr/local/sbin/auditctl -a exit,never  -S open -F devmajor=0
/usr/local/sbin/auditctl -a exit,always -S open
---
and the auditd.conf:
---
#
# This file controls the configuration of the audit daemon
#

log_file = /etc/audit-open/mnt/audit.log
max_log_file = 30
log_format = RAW
flush = NONE
space_left = 1
space_left_action = IGNORE
disk_full_action = IGNORE
---

Basically this sets up a ramdisk and monitors all "open" and "execve"
calls. After all daemons have been started and some extra time has
passed I kill auditd and disable the notifications again.
Then some grep and filter magic to get the real readahead lists.

Btw: someone suggested that readahead-list could use a \0-separated
list of filenames instead of a newline separated list. While the code
for the first case would indeed get easier (and eventually bring down
readahead-list below the 1k mark) and faster (no memcpy needed any
more), I think that doesn't outweigh the drawbacks in generating the
readahead file. comments?

best regards,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für   V_/_
        eine Stunde wie eine Heimat aus. --- Herrmann Hesse