[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SE/Linux] status / progress report 13jun2004

At Sun, 13 Jun 2004 19:01:46 +0200,
Christoph Hellwig wrote:
> On Sun, Jun 13, 2004 at 03:36:48PM +0000, Luke Kenneth Casson Leighton wrote:
> > * debian kernels need to be available compiled with se/linux security
> >   enabled (and boot-time optional) by default.  this results in a
> >   2% performance hit (wow big deal) when se/linux is not enabled
> >   at boot time.  Gentoo, SuSE and Fedora all accept this 2%.
> It's actually disabled again (compiled in but disabled) in SuSE because
> the performance hit was much much worse.  And I remember benchmark
> numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64
> by more than 10%.  I'd vote strongy against enabling LSM in the Debian
> kernel images.

If it's true, I agree that we don't enable it in default.

-- gotom

Reply to: