Re: [PATCH 0/5] LSM hook updates

From: Stephen Smalley
Date: Fri Aug 26 2005 - 08:30:48 EST


On Fri, 2005-08-26 at 04:23 -0500, serue@xxxxxxxxxx wrote:
> Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm,
> highmem not enabled). I should hopefully have a 2way ppc available
> later today for a pair of runs.
>
> dbench and tbench were run 50 times each, kernbench and reaim 10 times
> each. Results are mean +/- 95% confidence half-interval. Kernel had
> selinux and capabilities compiled in.
>
> A little surprising: kernbench is improved, but dbench and tbench
> are worse - though within the 95% CI.

Might be interesting to roll in Chris' patch (sent separately to lsm and
selinux list) for "remove selinux stacked ops" in place of your patch,
as that will avoid the indirect call through the secondary_ops in
SELinux. At that point, you can also disable the capability module
altogether, as SELinux will just directly use the built-in cap_
functions from commoncap.

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/