Re: [PATCH] remove sys_security

From: Russell Coker (russellat_private)
Date: Fri Oct 18 2002 - 10:06:04 PDT


    On Fri, 18 Oct 2002 18:53, Greg KH wrote:
    > Now there is no size impact, and no performance impact if you disable
    > the config option (which is the default right now!)  I'm all for
    > dropping the syscall too, if the SELinux people, or someone else doesn't
    > speak up as to why they really need it.  The hooks have a real design
    > and purpose, as we've constantly pointed out in our documentation, and
    > they have been validated by others in their USENIX papers.
    
    I don't speak for the people who write the SE Linux kernel code.
    
    But at the moment I am doing a good chunk of the user-land SE Linux work and 
    the vast majority of distribution packaging work, so a large amount of the 
    pain of converting from a single LSM syscall to multiple syscalls would be 
    for me.
    
    For me having separate syscalls for all the SE functions will be OK just as 
    long as we get all the syscalls that are needed and that it's not excessively 
    painful to get new ones if we need more functionality.
    
    However, given some of the recent comments, having a multiplex syscall seems 
    like a safer option (then no-one can restrict how many syscalls we get).
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


