Crispin Cowan wrote:
> Greg KH wrote:
>> And who would really want that speed hit on their machine :)
>>
> Can you substantiate that? The MAC modules have a known cost, and the
> OWLSM module is close to performance-neutral. Why should stacking all
> this up cause a performance hit?

My last two emails (on combining capability hooks) were about slightly exotic techniques to improve performance when combining modules without using the stacking module, and still having the secondary defaults be "correct". Crispin has a point - it may be that the stacking module has such a small performance impact that it's negligible. If that's true, we can forget the exotic stuff - simple is better!! I.e.: if it's a primary module, take over, and if it's not a primary module, let the primary do what it's going to do. The defaults for secondaries are still not correct, though, so I still believe my OWLSM patch for secondaries (or a variant of it) is needed.

My test machine has disappeared, so I'm setting up a new test machine so I can rewrite stacker and measure its performance. If the performance impact is small (< 5%), then it's not clear that _any_ exotic technique is justified. Instead, let people:

1. load single existing LSM modules,
2. stack them, or
3. create a new LSM module that merges things "by hand" to wring out performance.

Thus, any time the stacker overhead gets too bad, you write code.

I guess a simple benchmark is the "untar and recompile the kernel" benchmark. I can run the benchmark (1) with OWLSM as the primary (which embeds capability), and (2) using stacker, with two secondaries (OWLSM patched + capability). That should be a pretty fair test to show what the overhead is. If the overhead is really awful, then those who want "partial mixing" could probably control it with module parameters -- that would be more flexible anyway, and would probably be more useful even if you never stack any modules (e.g., use OWLSM alone and not call capability at all).

It will probably take me a little while to set up a whole system and try things out. I'm loading up Red Hat Linux 8.0, and then will throw in the new 2.5 kernel with the LSM patches. Hopefully, it will all still work :-).

---
David A. Wheeler
dwheelerat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 09:52:40 PST