Re: [PATCH] remove sys_security

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: Thu Oct 17 2002 - 16:54:49 EST


David S. Miller wrote:
>Who is going to use this stuff? %99.999 of users
>will never load a security module, and the distribution makers are
>going to enable this NOP overhead for _everyone_ just so a few telcos
>or government installations can get their LSM bits?

I don't understand how anyone can possibly know that.
It's true that today very few users use security modules,
but the Linux kernel doesn't support loadable security modules
today, so it would be unreasonable to use today's figures to
estimate likely future usage.

>This doesn't make any sense to me, including LSM appears to be quite
>against one of the basic maxims of Linux kernel ideology if you ask me
>:-) (said maxim is: If %99 of users won't use it, they better not
>even notice it is there or be affected by it in any way)

Ahh, good. Then you should be pretty happy with the current LSM
framework. I believe that users who don't load a LSM module won't
notice anything. For example, the LSM folks have several performance
measurements that show that the performance overhead of LSM is basically
negligible, so that's one way that users won't notice it is there.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:37 EST