From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: Mimi Zohar <zohar@us.ibm.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Al Viro <viro@ZenIV.linux.org.uk>,
Stephen Smalley <sds@tycho.nsa.gov>,
James Morris <jmorris@namei.org>,
Randy Dunlap <randy.dunlap@oracle.com>,
safford@watson.ibm.com, serue@linux.vnet.ibm.com,
sailer@watson.ibm.com, Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: Re: [PATCH 3/4] integrity: Linux Integrity Module(LIM)
Date: Tue, 12 Aug 2008 16:19:19 -0500
Message-ID: <20080812211919.GA29721@us.ibm.com>
In-Reply-To: <20080812192741.GB18034@infradead.org>
Quoting Christoph Hellwig (hch@infradead.org):
> On Mon, Aug 11, 2008 at 12:02:55PM -0500, Serge E. Hallyn wrote:
> > > > Sorry, but I don't think we can bloat the inode even further for this.
> > >
> > > The original version of IMA was LSM based, using i_security. Based
> > > on discussions on the LSM mailing list, it was decided that the LSM hooks
> > > were meant only for access control. During the same time frame, there
> > > was a lot of work done in stacking LSM modules and i_security, but that
> > > approach was dropped. It was suggested that we define a separate set of
> > > hooks for integrity, which this patch set provides. Caching integrity
> > > results is an important aspect. Any suggestions in lieu of defining
> > > i_integrity?
> >
> > The i_integrity is only bloating the inode if LIM is enabled. Surely
> > that beats having LIM define its own hash table and locking to track
> > integrity labels on inodes? Do you have another suggestion?
> >
> > Or is the concern about having more #ifdefs in the struct inode
> > definition?
>
> No, the concern is over bloating the inode for a rather academic fringe
> feature. As this comes from IBM I'm pretty sure someone will pressure
> the big distro to turn it on.
By default?? I should hope not...
Note that these are all not loadable modules. So presumably either it's
in the kernel and enforcing, or it's not there.
> And inode growth is a concern for
> fileserving or other inode heavy workload. Mimi mentioned this is just
> a cache of information, so consider using something like XFS's mru cache
> which is used for something similar where the xfs_inode was kept small
> despite a very niche feature needing a cache attached to the inode:
>
> fs/xfs/xfs_mru_cache.c
ok, so basically as I said above
> > ... having LIM define its own hash table and locking to track
> > integrity labels on inodes?
:)
But then that is in fact the better way to go if there can be a lot
of inodes with i_integrity=NULL. It looks like IMA always allocates
something, but if I understand the idea behind templates correctly,
that isn't necessarily always the case.
thanks,
-serge
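The alternative the thread is weighing, an integrity module that keeps its own lookup table keyed by inode instead of an i_integrity pointer in struct inode, is sketched below as an added example. This is illustrative user-space C written for this page, not the IMA/LIM patch set or the XFS MRU cache; the struct inode stand-in, the entry layout and the function names are hypothetical, and the sample inode numbers and digest bytes are constructed. The point it makes concrete is the one Serge raises: inodes that are never measured have no entry at all, so they cost nothing, and the table (with its own locking, omitted here for a single-threaded example) is the module's problem rather than the VFS's.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS   64
#define DIGEST_LEN 20

/* Minimal stand-in for the VFS inode (hypothetical). Note the absence of an
 * i_integrity pointer: integrity state lives entirely in the table below, so
 * inodes that are never measured carry no extra bytes. */
struct inode {
    uint32_t i_dev;
    uint64_t i_ino;
};

enum integrity_status { INTEGRITY_UNKNOWN = 0, INTEGRITY_PASS, INTEGRITY_FAIL };

struct integrity_entry {
    uint32_t dev;
    uint64_t ino;
    enum integrity_status status;
    unsigned char digest[DIGEST_LEN];  /* SHA-1-sized slot, constructed data */
    struct integrity_entry *next;      /* bucket chain */
};

/* The integrity module's own table. In-kernel this would be guarded by a
 * lock (or RCU for readers); this example is single-threaded and omits it. */
static struct integrity_entry *buckets[NBUCKETS];
static size_t nentries;

static unsigned bucket_of(uint32_t dev, uint64_t ino)
{
    uint64_t h = (ino ^ ((uint64_t)dev << 32)) * 0x9E3779B97F4A7C15ULL;
    return (unsigned)(h >> 32) % NBUCKETS;
}

/* Return the cached entry for an inode, or NULL if it was never measured. */
struct integrity_entry *integrity_lookup(const struct inode *inode)
{
    struct integrity_entry *e;
    for (e = buckets[bucket_of(inode->i_dev, inode->i_ino)]; e; e = e->next)
        if (e->dev == inode->i_dev && e->ino == inode->i_ino)
            return e;
    return NULL;
}

/* Record (or refresh) a measurement result; allocates only on first use. */
struct integrity_entry *integrity_update(const struct inode *inode,
                                         enum integrity_status status,
                                         const unsigned char digest[DIGEST_LEN])
{
    struct integrity_entry *e = integrity_lookup(inode);
    if (!e) {
        unsigned b = bucket_of(inode->i_dev, inode->i_ino);
        e = calloc(1, sizeof(*e));
        if (!e)
            return NULL;
        e->dev = inode->i_dev;
        e->ino = inode->i_ino;
        e->next = buckets[b];
        buckets[b] = e;
        nentries++;
    }
    e->status = status;
    memcpy(e->digest, digest, DIGEST_LEN);
    return e;
}

/* Drop the entry when the inode is evicted; returns 1 if one was present. */
int integrity_evict(const struct inode *inode)
{
    struct integrity_entry **pp = &buckets[bucket_of(inode->i_dev, inode->i_ino)];
    for (; *pp; pp = &(*pp)->next) {
        struct integrity_entry *e = *pp;
        if (e->dev == inode->i_dev && e->ino == inode->i_ino) {
            *pp = e->next;
            free(e);
            nentries--;
            return 1;
        }
    }
    return 0;
}

size_t integrity_cached_count(void) { return nentries; }

int main(void)
{
    /* Constructed sample inodes and digest; not real measurements. */
    struct inode bin_sh  = { .i_dev = 0x801, .i_ino = 131073 };
    struct inode tmp_log = { .i_dev = 0x801, .i_ino = 7 };
    unsigned char d[DIGEST_LEN] = { 0xde, 0xad, 0xbe, 0xef };

    integrity_update(&bin_sh, INTEGRITY_PASS, d);
    printf("sizeof(struct inode) = %zu, cached entries = %zu\n",
           sizeof(struct inode), integrity_cached_count());
    printf("bin_sh cached: %s\n",  integrity_lookup(&bin_sh)  ? "yes" : "no");
    printf("tmp_log cached: %s\n", integrity_lookup(&tmp_log) ? "yes" : "no");
    integrity_evict(&bin_sh);
    return 0;
}
```

The trade-off this makes visible: every measured-file access pays a hash lookup instead of a pointer dereference, but struct inode stays the same size on an inode-heavy file server whether or not the integrity module is compiled in, and eviction of an unmeasured inode is a no-op.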