From: Hyunchul Lee <hyc.lee@gmail.com>
To: Richard Weinberger <richard@nod.at>
Cc: kernel-team@lge.com, Artem Bityutskiy <dedekind1@gmail.com>,
adrian.hunter@intel.com, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org,
Hyunchul Lee <cheol.lee@lge.com>
Subject: Re: [PATCH] ubifs: add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels
Date: Fri, 03 Mar 2017 19:38:33 +0900 [thread overview]
Message-ID: <58B947A9.5020007@gmail.com> (raw)
In-Reply-To: <e1ee0413-9c20-b511-5cb8-453e4b0c107a@nod.at>
Hi, Richard
On 03/03/2017 04:56 PM, Richard Weinberger wrote:
> Hyunchul Lee,
>
> Am 03.03.2017 um 08:44 schrieb Hyunchul Lee:
>> From: Hyunchul Lee <cheol.lee@lge.com>
>>
>> When write syscall is called, every time security label is searched to
>> determine that file's privileges should be changed.
>> If LSM(Linux Security Model) is not used, this is useless.
>>
>> So introduce CONFIG_UBIFS_SECURITY to disable security labels. it's default
>> value is "y".
>
> Can you please explain what the benefit is and why UBIFS needs this (and why not
> all other filesystems)?
> I guess some performance issue, do you have numbers?
no, i don't have issues and profile result. but, every time when i write
4KB blocks, ubifs_xattr_get is called with "security.capabilties" for
each 4KB write. so i think that it is useless if LSM isn't used.
<7>[92028.334484] xattr_get:610: UBIFS DBG gen (pid 25746): xattr 'capability', ino 70 ('rand_5'), buf size 0
<7>[92028.334485] ubifs_lookup_level0:1183: UBIFS DBG tnc (pid 25746): search key (70, xentry, 0x10888ae6)
<7>[92028.334486] ubifs_lookup_level0:1221: UBIFS DBG tnc (pid 25746): found 0, lvl 0, n 6
and some file system such as ext4 and f2fs have a kernel config to
disable security labels. (EXT4_FS_SECURITY, F2FS_FS_SECURITY)
>
> Thanks,
> //richard
>
Thanks,
Hyunchul
prev parent reply other threads:[~2017-03-03 10:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-03 7:44 [PATCH] ubifs: add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels Hyunchul Lee
2017-03-03 7:56 ` Richard Weinberger
2017-03-03 10:38 ` Hyunchul Lee [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58B947A9.5020007@gmail.com \
--to=hyc.lee@gmail.com \
--cc=adrian.hunter@intel.com \
--cc=cheol.lee@lge.com \
--cc=dedekind1@gmail.com \
--cc=kernel-team@lge.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.