richard offer wrote:
>I really don't like the idea of forcing the use of the /proc filesystem
>just to enable the use of LSM.
>
>This could affect the uptake of LSM in the embedded space.

Do we have any evidence from real embedded guys that they actually want to use non-trivial LSM modules? (Non-trivial enough that they need to be controlled through /proc, that is.) I don't know whether there are any embedded folks on this list, but maybe this isn't even a problem. If it is a problem, we can decide what to do then.

Even if it is a problem, well, we might decide as a group that it's better to have a clean solution that leaves embedded guys unable to use LSM modules than have an ugly solution that supports embedded guys.

>And using /proc is going to be slower than a system call, which may be okay
>for Janus, could for other policies, SELinux ?

I remember discussing this at length last time we talked about this (deja vu all over again?). My vague recollection is that I wasn't convinced that /proc was going to be slower than a syscall, and I wasn't convinced that most uses of a special syscall would be performance critical anyway. But, maybe this is selective recall; I could be wrong.

The only way to settle this is through measurements. Without measurements, I'd be concerned that we could easily fall into the pitfall of premature optimization (which, as we all know, is the root of all evil...).

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 16:41:34 PDT