Re: [PATCH try #3] security: Convert LSM into a static interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Arjan van de Ven ([email protected]):
> 
> > Right, the ability to boot with security.capability=disabpled (or
> > whatever) and then load a custom module without having to use a whole
> > new kernel is something I'm sure end-users want.
> > 
> > Especially since compiling a kernel which works with, say, a default
> > fedora install, with lvm etc, is not imo for a novice (where novice
> > != security novice).
> 
> the next step after this patch is to have an option to get rid of all
> the function pointer chasing (which is expensive) for the case where you
> know you only want one security module (which you then can turn on or
> off)... that advantage is a performance gain for a lot of people.... but
> if the person configuring the kernel selects this, it does mean there's
> no way to load modules. I don't know what Fedora will do, but they might
> select such an option. That's CHOICE...

War is peace
Freedom is slavery
Ignorance is strength
	-1984

:)

Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case?  Of course it makes sense that it would,
but witjout measurements we do not know.

> they chose a performance

> improvement over enabling external kernel modules that they don't ship
> anyway...
> 
> but is it really worth blocking such clear improvements in performance?

I'm blocking nothing.

In fact I concede that this patch might force any out of tree module
authors to come to the table, which is a good thing.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux