Re: [SE/Linux] status / progress report 13jun2004

To: Christoph Hellwig <hch@lst.de>
Cc: debian-devel@lists.debian.org, SE-Linux <selinux@tycho.nsa.gov>, debian-user@lists.debian.org
Subject: Re: [SE/Linux] status / progress report 13jun2004
From: GOTO Masanori <gotom@debian.or.jp>
Date: Mon, 14 Jun 2004 09:19:32 +0900
Message-id: <[🔎] 81brjnng8b.wl@omega.webmasters.gr.jp>
In-reply-to: <[🔎] 20040613170146.GA14854@lst.de>
References: <[🔎] 20040613153648.GB26207@lkcl.net> <[🔎] 20040613170146.GA14854@lst.de>

At Sun, 13 Jun 2004 19:01:46 +0200,
Christoph Hellwig wrote:
> On Sun, Jun 13, 2004 at 03:36:48PM +0000, Luke Kenneth Casson Leighton wrote:
> > * debian kernels need to be available compiled with se/linux security
> >   enabled (and boot-time optional) by default.  this results in a
> >   2% performance hit (wow big deal) when se/linux is not enabled
> >   at boot time.  Gentoo, SuSE and Fedora all accept this 2%.
> 
> It's actually disabled again (compiled in but disabled) in SuSE because
> the performance hit was much much worse.  And I remember benchmark
> numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64
> by more than 10%.  I'd vote strongy against enabling LSM in the Debian
> kernel images.

If it's true, I agree that we don't enable it in default.

Regards,
-- gotom

Reply to:

References:
- [SE/Linux] status / progress report 13jun2004
  - From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
- Re: [SE/Linux] status / progress report 13jun2004
  - From: Christoph Hellwig <hch@lst.de>

Prev by Date: Re: Packaging a program with several plugins, each with different dependencies
Next by Date: -rpath and policy?
Previous by thread: Re: [SE/Linux] status / progress report 13jun2004
Next by thread: Re: [SE/Linux] status / progress report 13jun2004
Index(es):
- Date
- Thread