Re: [TOMOYO #15 0/8] TOMOYO Linux

From: Toshiharu Harada
Date: Mon Feb 23 2009 - 03:13:51 EST

Next message: Cyrill Gorcunov: "Re: kernel building procedure changed?"
Previous message: Paul Menage: "Re: [PATCH] Remove some pointless conditionals before kfree() in kernel/cgroup.c"
In reply to: Pavel Machek: "Re: [TOMOYO #15 0/8] TOMOYO Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pavel Machek wrote:

On Sun 2009-02-22 23:27:34, Tetsuo Handa wrote:
Pavel Machek wrote:
On Thu 2009-02-12 16:34:16, James Morris wrote:
On Thu, 5 Feb 2009, Kentaro Takeda wrote:

TOMOYO Linux is a name-based MAC extension (LSM module) for the Linux kernel.

Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Does that mean tomoyo is scheduled for 2.6.30?

TOMOYO is already in linux-next tree and ready to go into 2.6.30 .

Last time I looked it included script parser and some
interpretter... Was that solved?
Pavel

Are you talking about the interface between
userland and kernel regarding string data?

Linus once said in a Smack thread (http://lkml.org/lkml/2007/11/5/129)

On Sun, Nov 04, 2007 at 12:28:48PM +0000, Pavel Machek wrote:
> Can we avoid string parsers in the kernel?

Ok, Could someone suggest a better idea please ?.

I personally think string parsers are *much* better than the alternatives (which basically boil down to nasty binary interfaces)

I thought about packing the rules in a structure and sending
it over an ioctl() command. Is this applicable ?

That's *MUCH* worse.

Strings are nice. They aren't that complex, and as long as it's not a performance-critical area, there are basically no downsides.

Binary structures and ioctl's are *much* worse. They are totally undebuggable with generic tools (think "echo" or "strace"), and they are a total nightmare to parse across architectures and pointer sizes.

So the rule should be: always use strings if at all possible and relevant.
If the data is fundamentally binary, it shouldn't be re-coded to ascii
(no real advantage), but if the data is "stringish", and there aren't
big performance issues, then keep it as strings.

Admiring your concern, I would like to follow the above directions.

Best regards,
Toshiharu Harada

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Cyrill Gorcunov: "Re: kernel building procedure changed?"
Previous message: Paul Menage: "Re: [PATCH] Remove some pointless conditionals before kfree() in kernel/cgroup.c"
In reply to: Pavel Machek: "Re: [TOMOYO #15 0/8] TOMOYO Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]