Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 17 Oct 2002 18:55:04 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 17 Oct 2002 18:55:04 -0400 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:60424 "EHLO www.linux.org.uk") by vger.kernel.org with ESMTP id ; Thu, 17 Oct 2002 18:54:58 -0400 Message-ID: <3DAF412A.7060702@pobox.com> Date: Thu, 17 Oct 2002 19:00:58 -0400 From: Jeff Garzik User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andreas Steinmetz CC: "David S. Miller" , greg@kroah.com, hch@infradead.org, torvalds@transmeta.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH] remove sys_security References: <20021017195015.A4747@infradead.org> <20021017185352.GA32537@kroah.com> <20021017.131830.27803403.davem@redhat.com> <3DAF3EF1.50500@domdv.de> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1807 Lines: 48 Andreas Steinmetz wrote: > David S. Miller wrote: > >> The more I look at LSM the more and more I dislike it, it sticks it's >> fingers everywhere. Who is going to use this stuff? %99.999 of users >> will never load a security module, and the distribution makers are >> going to enable this NOP overhead for _everyone_ just so a few telcos >> or government installations can get their LSM bits? >> > > I'm going to ignore the overhead stated above here. And please take the > following as a comment/personal opinion you may as well ignore. But I'm > somewhat irritated, so: > > > So users are dumb in general, why not apply the "Single user linux" > patch? If you don't remember: http://www.surriel.com/potm/apr2001.shtml > > > Honestly, if you don't offer a patchless option to tighter security you > can't estimate usage. > > Given that LSM becomes a standard part of the kernel it would be easy > for distros to offer "trusted" installations based on LSM. And in this > case advanced security will spread. No offense, please, but I really think David is being very reasonable. The normal "Linux way" is to have zero overhead unless something is actually used -- witness spinlocks on UP versus SMP. Regardless of whether some people feel the "majority" will be using LSM at some point in the future, David's point is very valid today, and for some time to come. Finally, I was under the impression that Greg KH agreed that it is possible to eliminate this overhead? Maybe I recall incorrectly. Respectfully, Jeff - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/