Re: [PATCH try #3] security: Convert LSM into a static interface

From: Serge E. Hallyn
Date: Thu Jul 19 2007 - 13:19:45 EST


Quoting Arjan van de Ven (arjan@xxxxxxxxxxxxx):
>
> > Right, the ability to boot with security.capability=disabpled (or
> > whatever) and then load a custom module without having to use a whole
> > new kernel is something I'm sure end-users want.
> >
> > Especially since compiling a kernel which works with, say, a default
> > fedora install, with lvm etc, is not imo for a novice (where novice
> > != security novice).
>
> the next step after this patch is to have an option to get rid of all
> the function pointer chasing (which is expensive) for the case where you
> know you only want one security module (which you then can turn on or
> off)... that advantage is a performance gain for a lot of people.... but
> if the person configuring the kernel selects this, it does mean there's
> no way to load modules. I don't know what Fedora will do, but they might
> select such an option. That's CHOICE...

War is peace
Freedom is slavery
Ignorance is strength
-1984

:)

Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout measurements we do not know.

> they chose a performance

> improvement over enabling external kernel modules that they don't ship
> anyway...
>
> but is it really worth blocking such clear improvements in performance?

I'm blocking nothing.

In fact I concede that this patch might force any out of tree module
authors to come to the table, which is a good thing.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/