Quoting Valdis.Kletnieks@private (Valdis.Kletnieks@private): > On Tue, 07 Jun 2005 23:26:39 CDT, serue@private said: > > > The fact that stack-noselinux outperforms noselinux shows that stacker > > has (at worst, haha :) negligible performance impact. > > Certainly a non-surprising result, but one that you'll need handy to sell > it to the lkml crowd. It *does* show that the bulk of the time is in > each actual LSM - meaning that sites will be able to choose their own > trade-off between security and overhead (somehow, I see selinux+TPM+capstack > as being both more bulletproof and bigger footprint than, say, a combo like > openwall+realtime ;) Yeah, that's the combination I personally see as most useful right now. > Any great ideas/theories on how security_get_value can be speeded up? No, at this point I'm hoping for input from others. It seems pretty likely that there are more tricks like switching to fastcall that I just haven't thought of. Before that I was trying a small inline which assumes there is only one lsm, and if that proves wrong, then calls the real function. But I was never able to get the inline very small. So that still might be something to pursue. Maybe even with some small per-arch assembly code? I also tried switching the module ID to be of register size so that the registers to compare wouldn't need to be zeroed before the comparison, but it looked like the compiler was still zeroing it anyway. So again hand-written assembly would fix that, but I don't know how much time it would actually save. > > At this point I would like to forward stacker to the lkml for comment. > > Please let me know if there are any objections to that. > > Umm.. if you aren't already doing so, can you drop a fairly generic blurb into > Documentation/LSM-stacker.txt discussing the issues of generic function > composition, give a straw-man example or two of an "unexpected result", and > explain that getting it right is the sysadmin's problem? Probably should also At the moment the file Documentation/security-stacking (which I can rename LSM-stacking as you suggest) just says: LSM stacking is not a simple matter. You must consider the behavior of all stacked LSMs very carefully, as well as certain subtle effects of the LSM implementation. Please do not try to stack arbitrary modules! If you have any questions about the proper or actual behavior of modules, whether existing or ones to be written by yourself, a good place to engage in discussion is the lsm mailing list, linux-security-module@private Information about the mailing list can be found at lsm.immunix.org. I'll try to expand the section as you suggest. Thanks for the tips. thanks, -serge
This archive was generated by hypermail 2.1.3 : Wed Jun 08 2005 - 08:01:15 PDT