On Thu, Dec 26, 2002 at 09:23:17PM -0800, Crispin Cowan wrote: > >> 3. capabilities + OWLSM + MAC: where "MAC" is one of SELinux, LIDS, > >> DTE, or SubDomain, etc. Users taking active steps to enhance > >> security with MAC. > >> > >> > >And playing with fire. Who's going to ever agree to say that their > >module will work just fine stacking with an unknown list of other > >modules. > > > Who said "unknown"? It is intended to be a known set of modules. The > "etc." above is intended to say that the set of MAC vendors is not a > closed club. Ah, I did not get the "known" part from your comment, my mistake. > >And who would really want that speed hit on their machine :) > > > Can you substantiate that? The MAC modules have a known cost, and the > OWLSM module is close to performance-neutral. Why should stacking all > this up cause a performance hit? Have people run benchmarks on the OWLSM module? I didn't realize this. The last time I looked at the "stacking module" it looked like it had the potential to greatly slow down things, but running real benchmarks would be the only way to tell this. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 15:44:13 PST