Re: [RFC] [PATCH] [1/6] LSM Stacking: Replace LSM void* with arrays

From: Chris Wright
Date: Thu Nov 04 2004 - 17:55:05 EST

Next message: Chris Wright: "Re: [RFC] [PATCH] [5/6] LSM Stacking: SELinux LSM stacking support"
Previous message: John McGowan: "Re: Kernel 2.6.9: i810 video"
In reply to: Serge Hallyn: "Re: [RFC] [PATCH] [1/6] LSM Stacking: Replace LSM void* with arrays"
Next in thread: Serge Hallyn: "Re: [RFC] [PATCH] [3/6] LSM Stacking: capability LSM stackingsupport"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Serge Hallyn (hallyn@xxxxxxxxx) wrote:
> The attached patch replaced the LSM security fields on kernel
> objects with an array of pointers, so that more than 1 LSM
> can annotate information on kernel objects.

This will add (default) 12 extra bytes to each LSM tagged object
(including inodes, which a quick snapshot on my system is ~365000 inodes ==
~4M). Also, I don't think the assignment loop should be exposed to core.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: [RFC] [PATCH] [5/6] LSM Stacking: SELinux LSM stacking support"
Previous message: John McGowan: "Re: Kernel 2.6.9: i810 video"
In reply to: Serge Hallyn: "Re: [RFC] [PATCH] [1/6] LSM Stacking: Replace LSM void* with arrays"
Next in thread: Serge Hallyn: "Re: [RFC] [PATCH] [3/6] LSM Stacking: capability LSM stackingsupport"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]