Re: [SE/Linux] status / progress report 13jun2004
At Sun, 13 Jun 2004 19:01:46 +0200,
Christoph Hellwig wrote:
> On Sun, Jun 13, 2004 at 03:36:48PM +0000, Luke Kenneth Casson Leighton wrote:
> > * debian kernels need to be available compiled with se/linux security
> > enabled (and boot-time optional) by default. this results in a
> > 2% performance hit (wow big deal) when se/linux is not enabled
> > at boot time. Gentoo, SuSE and Fedora all accept this 2%.
> It's actually disabled again (compiled in but disabled) in SuSE because
> the performance hit was much much worse. And I remember benchmark
> numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64
> by more than 10%. I'd vote strongy against enabling LSM in the Debian
> kernel images.
If it's true, I agree that we don't enable it in default.