Re: Willing to change LSM so secondary defaults correct

From: Crispin Cowan (crispinat_private)
Date: Fri Dec 27 2002 - 14:53:03 PST

    Greg KH wrote:
    
    >>>And who would really want that speed hit on their machine :)
    >>>      
    >>>
    >>Can you substantiate that? The MAC modules have a known cost, and the 
    >>OWLSM module is close to performance-neutral. Why should stacking all 
    >>this up cause a performance hit?
    >>    
    >>
    >Have people run benchmarks on the OWLSM module?  I didn't realize this.
    >
    You're right; benchmarking OWLSM would be a worthwhile effort.
    
    My claim that it is performance neutral is based on the architecture, 
    not examining the code. OWLSM imposes some very simplistic policies 
    system-wide, e.g. root processes cannot follow sym links under certain 
    conditions. These policies don't require significant lookups, and thus 
    the logic should be pretty trivial and fast.
    
    Therefore, I conjecture that OWLSM imposes very small overheads at the 
    micro-level, and no measurable overhead at the macro level.
    
    Anyone want to set up and run an lmbench run to verify? You need an LSM 
    kernel, a working OWLSM module for that kernel, and lmbench. Run lmbench 
    on that kernel, with and without OWLSM loaded, and report the output. 
    Please attach the output files that lmbench produces, in addition to any 
    commentary and observations. This is a good and helpful newbie project, 
    and does not require great skilz or hot machines.
    
    >The last time I looked at the "stacking module" it looked like it had
    >the potential to greatly slow down things, but running real benchmarks
    >would be the only way to tell this.
    >
    That's possible.
    
     <stirring up the hornet's nest>
    
        * Greg: what parts of Stacker did you find that looked slow?
        * David: assuming Greg comes up with concrete complaints, what is
          your rebuttal?
    
    Thanks,
        Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    			    Just say ".Nyet"
    