Re: Willing to change LSM so secondary defaults correct

From: David Wheeler (dwheelerat_private)
Date: Fri Dec 27 2002 - 07:45:16 PST

  • Next message: Oliver Tennert: "SELinux SuSE 8.1 RPMs"

    Crispin Cowan wrote:
    
    > Greg KH wrote:
    >> And who would really want that speed hit on their machine :)
    >>
    > Can you substantiate that? The MAC modules have a known cost, and the 
    > OWLSM module is close to performance-neutral. Why should stacking all 
    > this up cause a performance hit?
    
    
    My last two emails (on combining capability hooks)
    were about slightly exotic techniques to
    improve performance when combining modules without using the stacking module,
    and still having the secondary defaults be "correct".
    
    Crispen has a point - it may be that the stacking module has
    such a small performance impact that it's negligeable.
    If that's true, we can forget the exotic stuff - simple is better!!
    IE: If it's a primary module, take over, and if it's not a primary module,
    let the primary do what it's going to do.  The defaults for
    secondaries are still not correct, though, so I still believe
    my OWLSM patch for secondaries (or a variant of it) is needed.
    
    My test machine has disappeared, so I'm setting up a new test machine
    so I can rewrite stacker and measure its performance.
    If the performance impact is small (< 5%), then it's not clear
    that _any_ exotic technique is justified.  Instead, let people:
    1. load single existing LSM modules
    2. stack them, or
    3. Create a new LSM module that merges things "by hand"
        to wring out performance.  Thus, any time the stacker overhead
        gets too bad, you write code.
    
    I guess a simple benchmark is the "untar and recompile the kernel"
    benchmark.  I can run the benchmark (1) with OWLSM as the primary
    (which embeds capability), and (2) using stacker, and with two
    secondaries (OWLSM patched + capability).  That should be
    a pretty fair test to show what the overhead is.
    
    If the overhead is really awful, then those who want "partial mixing"
    could probably control it with module parameters -- that would be
    more flexible anyway, and would probably be more useful even if
    you never stack any modules (e.g., use OWLSM alone and not calling
    capability at all).
    
    It will probably take me a little while to set up a whole system
    and try things out.  I'm loading up Red Hat Linux 8.0, and then
    will throw in the new 2.5 kernel with the LSM patches.
    Hopefully, it will all still work :-).
    
    
    
    --- David A. Wheeler
         dwheelerat_private
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 09:52:40 PST