On Sun, Jan 29, 2006 at 02:09:08PM +0100, Arjan van de Ven wrote:
>
> >
> > You are taking the wrong approach.
> >
> > The _only_ question that matters is:
> > Why is it technically impossible to do the same in userspace?
> >
> > If it's technically possible to do the same in userspace, it must not be
> > done in the kernel.
>
>
> that is not a reasonable statement because...
> 1) you can do all of tcp/ip in userspace just fine
> 2) you can do the NFS server in userspace
> 3) ...
> 4) ...
>
> there are reasons why things that can be done in userspace sometimes
> still make sense to do in kernel space, performance could be one of
> those reasons, being unreasonably complex in userspace is another.
Agreed, my sentence was too general.
> Identity management to some degree belongs in the kernel, simply because
> identity *enforcing* is in the kernel. Some things related to security
> need to be in the kernel at least partially just to avoid a LOT of hairy
> issues and never ending series of security holes due to the exceptional
> complexity you get.
OK, this sounds reasonable in the cases where the enforcing is actually
in the kernel (but not in the backup daemon example from this thread).
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
