David S. Miller wrote:

>There is a very important fundamental difference to the USB case.
>It eats zero space in my kernel when I have no USB devices.
>CONFIG_USB=m works as designed!
>
>CONFIG_SECURITY=m still does not exist, so distribution makers have to
>make a y vs. n choice.
>

This was our design goal for LSM: to be as minimally intrusive to the kernel as possible. We would LOVE to have a zero-footprint solution that allowed users to enable LSM when they need it.

More precisely, LSM is that mechanism intended to impose as little overhead as possible with no modules loaded, and provide adequate access to the modules when they are loaded. LSM is not zero-footprint, but it is as low as we could make it. We are interested in ways to reduce the footprint, but that reduction needs to be looked at in cost/benefit terms: changes that have very little impact on footprint, but high impact on the functionality of the LSM interface.

If you remove this system call, you will save almost nothing in kernel resources, but do a lot of damage to functionality.

On the other hand, the complaints about the typing of the arguments are well taken, in the context of 32/64-bit porting issues. So what types should the arguments be? Abstractly, they are integers, in the mathematical sense. What is the preferred word-size-portable way to express that?

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 01:02:17 PDT