Date: Wed, 5 Oct 2005 15:31:59 -0400 (EDT)
From: James Morris <jmorris@namei.org>
To: David Howells <dhowells@redhat.com>
cc: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
       keyrings@linux-nfs.org, linux-kernel@vger.kernel.org,
       Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management 
In-Reply-To: <30441.1128530889@warthog.cambridge.redhat.com>
Message-ID: <Pine.LNX.4.63.0510051529280.23676@excalibur.intercode>
References: <Pine.LNX.4.63.0510051241580.23070@excalibur.intercode> 
 <29942.1128529714@warthog.cambridge.redhat.com>  <30441.1128530889@warthog.cambridge.redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 990
Lines: 31

On Wed, 5 Oct 2005, David Howells wrote:

> > Any reason why this is configurable?
> 
> Well, I saw that the network stuff was. I can make it non-configurable.
> 
> > Why wouldn't someone want this?
> 
> Speed/latency? But I suppose that's not really a factor.

Yes, the networking is for performance, especially from when we used to 
register Netfilter hooks from within LSM.  I don't know of any distros 
that enable LSM but disable networking so we should probably think about 
removing that as well.

> What about the security ops for keys that I've made available? Does doing it
> that way seem reasonable?

Not sure yet, need to spend some time looking at this from an SELinux 
point of view.


- James
-- 
James Morris
<jmorris@namei.org>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/