From: Greg KH <greg@kroah.com>
To: Christoph Hellwig <hch@infradead.org>,
Russell Coker <russell@coker.com.au>,
Valdis.Kletnieks@vt.edu, linux-kernel@vger.kernel.org,
linux-security-module@wirex.com
Subject: Re: [PATCH] remove sys_security
Date: Fri, 18 Oct 2002 09:53:51 -0700 [thread overview]
Message-ID: <20021018165350.GC7286@kroah.com> (raw)
In-Reply-To: <20021018173339.A7481@infradead.org>
On Fri, Oct 18, 2002 at 05:33:39PM +0100, Christoph Hellwig wrote:
>
> And exactly these hooks harm. They are all over the place, have performance
> and code size impact and mess up readability. Why can't you just maintain
> an external patch like i.e. mosix folks that nead similar deep changes?
They do not have performance impacts (with the minor exception of
networking, which has been talked about before), and now they do not
have any size impact. As for readability, that is also not an issue.
And no, we do not want to maintain an external patch, as that's not what
this project is about. At the first kernel summit, Linus said he wanted
this patch to allow people to pick their own security model (so we
didn't have to end up with SELinux as a default, vs. LIDS, vs.
SubDomain, vs. whatever.) At the second kernel summit, this patch was
again talked about, and was stated that it would be accepted, as we met
the goals initially talked about (mediation of kernel objects, not
syscalls or auditing.)
The whole idea of this patch is for it to be in the kernel, having it
external, doesn't help anyone out, they might as well just do their own
thing, like they were doing before.
Now there is no size impact, and no performance impact if you disable
the config option (which is the default right now!) I'm all for
dropping the syscall too, if the SELinux people, or someone else doesn't
speak up as to why they really need it. The hooks have a real design
and purpose, as we've constantly pointed out in our documentation, and
they have been validated by others in their USENIX papers.
I know you've never liked this patch, I'm sorry. Lots of other people
do :)
thanks,
greg k-h
next prev parent reply other threads:[~2002-10-18 16:48 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-17 18:50 [PATCH] remove sys_security Christoph Hellwig
2002-10-17 18:53 ` Greg KH
2002-10-17 18:58 ` Christoph Hellwig
2002-10-17 19:07 ` Greg KH
2002-10-17 20:04 ` Christoph Hellwig
2002-10-17 20:10 ` Greg KH
2002-10-17 20:12 ` Christoph Hellwig
2002-10-18 7:04 ` Crispin Cowan
2002-10-18 7:07 ` David S. Miller
2002-10-18 8:31 ` Crispin Cowan
2002-10-18 8:29 ` David S. Miller
2002-10-18 12:52 ` Christoph Hellwig
2002-10-18 15:04 ` Greg KH
2002-10-19 2:05 ` Crispin Cowan
2002-10-18 7:11 ` Greg KH
2002-10-18 7:28 ` Alexander Viro
2002-10-18 9:02 ` Crispin Cowan
2002-10-18 13:05 ` Christoph Hellwig
2002-10-18 15:14 ` Valdis.Kletnieks
2002-10-18 15:18 ` Christoph Hellwig
2002-10-18 16:30 ` Russell Coker
2002-10-18 16:33 ` Christoph Hellwig
2002-10-18 16:53 ` Greg KH [this message]
2002-10-18 16:54 ` Russell Coker
2002-10-18 17:15 ` Stephen Smalley
2002-10-18 22:36 ` Chris Wright
2002-10-21 13:54 ` Mike Wray
2002-10-21 14:09 ` Christoph Hellwig
2002-10-21 16:44 ` Mike Wray
2002-10-21 17:36 ` Christoph Hellwig
2002-10-18 20:36 ` David Wagner
2002-10-18 17:44 ` Stephen Smalley
2002-10-18 16:38 ` Russell Coker
2002-10-18 16:52 ` Richard B. Johnson
2002-10-18 9:09 ` David Wagner
2002-10-18 10:14 ` Russell Coker
2002-10-18 12:50 ` Christoph Hellwig
2002-10-17 20:30 ` Jeff Garzik
2002-10-17 21:00 ` Russell Coker
2002-10-17 21:10 ` Jeff Garzik
2002-10-17 21:37 ` Russell Coker
2002-10-17 21:49 ` Alexander Viro
2002-10-17 22:14 ` Russell Coker
2002-10-17 22:22 ` Andreas Dilger
2002-10-23 0:35 ` Stephen C. Tweedie
2002-10-23 11:43 ` Russell Coker
2002-10-23 11:59 ` Stephen C. Tweedie
2002-10-23 14:27 ` Stephen Smalley
2002-10-23 14:54 ` Stephen C. Tweedie
2002-10-23 16:09 ` Stephen Smalley
2002-10-23 16:24 ` Christoph Hellwig
2002-10-23 16:34 ` Stephen Smalley
2002-10-23 16:36 ` Christoph Hellwig
2002-10-23 16:51 ` Stephen Smalley
2002-10-24 6:26 ` Nathan Scott
2002-10-24 8:45 ` Russell Coker
2002-10-17 20:45 ` Russell Coker
2002-10-21 13:57 ` Alan Cox
2002-10-21 21:12 ` Crispin Cowan
2002-10-21 21:17 ` Greg KH
2002-10-22 12:22 ` Stephen Smalley
2002-10-17 20:20 ` Russell Coker
2002-10-17 20:27 ` Christoph Hellwig
2002-10-17 20:28 ` Greg KH
2002-10-17 19:05 ` Alexander Viro
2002-10-17 20:18 ` David S. Miller
2002-10-17 20:36 ` Greg KH
2002-10-17 20:38 ` David S. Miller
2002-10-17 20:58 ` Greg KH
2002-10-17 20:58 ` David S. Miller
2002-10-17 22:09 ` Greg KH
2002-10-17 22:07 ` David S. Miller
2002-10-17 22:19 ` Greg KH
2002-10-18 8:00 ` Crispin Cowan
2002-10-18 7:57 ` David S. Miller
2002-10-18 13:08 ` Christoph Hellwig
2002-10-17 21:54 ` David Wagner
2002-10-17 22:36 ` David S. Miller
2002-10-17 23:04 ` Chris Wright
2002-10-17 23:08 ` David S. Miller
2002-10-18 14:24 ` Jakob Oestergaard
2002-10-17 22:51 ` Andreas Steinmetz
2002-10-17 22:51 ` David S. Miller
2002-10-18 17:47 ` Daniel Egger
2002-10-17 23:00 ` Jeff Garzik
2002-10-17 22:56 ` David S. Miller
2002-10-17 23:09 ` Greg KH
2002-10-17 23:10 ` Chris Wright
2002-10-17 23:10 ` Andreas Steinmetz
2002-10-18 13:11 ` Christoph Hellwig
2002-10-17 23:11 ` Greg KH
[not found] <20021017201030.GA384@kroah.com.suse.lists.linux.kernel>
[not found] ` <20021017211223.A8095@infradead.org.suse.lists.linux.kernel>
[not found] ` <3DAFB260.5000206@wirex.com.suse.lists.linux.kernel>
[not found] ` <20021018.000738.05626464.davem@redhat.com.suse.lists.linux.kernel>
[not found] ` <3DAFC6E7.9000302@wirex.com.suse.lists.linux.kernel>
2002-10-18 9:25 ` Andi Kleen
2002-10-18 9:36 ` Crispin Cowan
2002-10-18 9:44 ` Andi Kleen
2002-10-18 9:55 ` Russell Coker
2002-10-18 10:13 ` Andi Kleen
2002-10-18 17:24 ` Rik van Riel
2002-10-18 11:43 ` Andreas Ferber
[not found] <20021023155457.L2732@redhat.com.suse.lists.linux.kernel>
[not found] ` <Pine.GSO.4.33.0210231112420.7042-100000@raven.suse.lists.linux.kernel>
2002-10-23 16:33 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021018165350.GC7286@kroah.com \
--to=greg@kroah.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=russell@coker.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox