From: Chris Wright <chrisw@sous-sol.org>
To: Arjan van de Ven <arjan@infradead.org>
Cc: James Morris <jmorris@namei.org>,
Jan Engelhardt <jengelh@computergmbh.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andreas Gruenbacher <agruen@suse.de>,
Thomas Fricaccia <thomas_fricacci@yahoo.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: LSM conversion to static interface [revert patch]
Date: Mon, 22 Oct 2007 22:16:42 -0700 [thread overview]
Message-ID: <20071023051642.GA3908@sequoia.sous-sol.org> (raw)
In-Reply-To: <20071022210956.31f7bbcf@laptopd505.fenrus.org>
* Arjan van de Ven (arjan@infradead.org) wrote:
> On Sun, 21 Oct 2007 08:57:06 +1000 (EST)
> James Morris <jmorris@namei.org> wrote:
>
> > On Sat, 20 Oct 2007, Jan Engelhardt wrote:
> >
> > > >I'd like to note that I asked people who were actually affected,
> > > >and had examples of their real-world use to step forward and
> > > >explain their use, and that I explicitly mentioned that this is
> > > >something we can easily re-visit.
> > > >
> > >
> > > I do have a pseudo LSM called "multiadm" at
> > > http://freshmeat.net/p/multiadm/ , quoting:
> > >
> >
> > Based on Linus' criteria, this appears to be a case for reverting the
> > static LSM patch.
>
> I don't want to argue for or against the actual revert; however if Linus/James/Chris
> decide to do a revert, I've made a patch to do that below
Thanks Arjan. I did not actually oppose making it non-modular, and
thought there was sufficient time for people to complain meaningfully
on that change. I also think there's not a lot of value in the modular
interface, but it's very difficult to have rational discussions in this
area.
> (doing a full git revert is tricky since it gets mixed up with various other cleanup
> patches; even inside the original patch. I've done the relevant pieces by hand via a
> selective patch -R and compile-tested it). In addition I've made the modularity a
> Kconfig option, since it's clearly something that is contested and thus is justified
> as a user compile time choice; people who don't want this (out of paranoia or otherwise)
> can now decide to disable, while others who want to experiment or use out of tree
> LSM modules, can select the KConfig option.
>
> If it turns out that the above module becomes unmaintained and no longer usable, and no
> other useful cases show up, we can always garbage collect this code in the future; it's
> now low-overhead anyway for those who care, due to the KConfig option.
Yes, and I think we can still improve performance although I can't see
anyway to help out the modular case, so I guess it will have to incur
the hit that's always been there. I think your Kconfig option is a
decent compromise.
thanks,
-chris
next prev parent reply other threads:[~2007-10-23 5:17 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <167451.96128.qm@web38607.mail.mud.yahoo.com>
2007-10-18 2:18 ` LSM conversion to static interface Linus Torvalds
2007-10-19 20:26 ` Andreas Gruenbacher
2007-10-19 20:40 ` Linus Torvalds
2007-10-20 11:05 ` Jan Engelhardt
2007-10-20 22:57 ` James Morris
2007-10-21 22:59 ` Adrian Bunk
2007-10-23 4:09 ` LSM conversion to static interface [revert patch] Arjan van de Ven
2007-10-23 4:56 ` James Morris
2007-10-23 4:57 ` Arjan van de Ven
2007-10-23 5:16 ` Chris Wright [this message]
2007-10-23 9:10 ` Jan Engelhardt
2007-10-23 9:13 ` Chris Wright
2007-10-23 9:14 ` Jan Engelhardt
2007-10-24 0:31 ` Jeremy Fitzhardinge
2007-10-24 0:32 ` Chris Wright
2007-10-24 5:06 ` Arjan van de Ven
2007-10-24 11:50 ` Linux Security *Module* Framework (Was: LSM conversion to static interface Simon Arlott
2007-10-24 12:55 ` Adrian Bunk
2007-10-24 18:11 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Simon Arlott
2007-10-24 18:51 ` Jan Engelhardt
2007-10-24 18:59 ` Simon Arlott
2007-10-24 19:04 ` Jan Engelhardt
2007-10-24 21:02 ` David P. Quigley
2007-10-24 21:37 ` Serge E. Hallyn
2007-10-24 21:51 ` Jan Engelhardt
2007-10-24 22:02 ` David P. Quigley
2007-10-24 23:13 ` Jan Engelhardt
2007-10-25 1:50 ` david
2007-10-25 3:50 ` Kyle Moffett
2007-10-24 21:42 ` Jan Engelhardt
2007-10-24 21:58 ` Casey Schaufler
2007-10-24 22:04 ` David P. Quigley
2007-10-25 11:38 ` Simon Arlott
2007-10-24 20:18 ` Crispin Cowan
2007-10-24 20:46 ` Jan Engelhardt
2007-10-24 21:29 ` Casey Schaufler
2007-10-24 22:31 ` Adrian Bunk
2007-10-24 22:58 ` Casey Schaufler
2007-10-24 23:32 ` Adrian Bunk
2007-10-24 23:42 ` Linus Torvalds
2007-10-25 0:41 ` Chris Wright
2007-10-25 2:19 ` Arjan van de Ven
2007-10-30 3:37 ` Toshiharu Harada
2007-10-25 1:03 ` Casey Schaufler
2007-10-25 0:23 ` Chris Wright
2007-10-25 0:35 ` Ray Lee
2007-10-25 1:26 ` Peter Dolding
2007-10-25 1:41 ` Alan Cox
2007-10-25 2:11 ` david
2007-10-25 18:17 ` Ray Lee
2007-10-25 22:21 ` Alan Cox
2007-10-26 3:45 ` david
2007-10-26 5:44 ` Peter Dolding
2007-10-27 18:29 ` Pavel Machek
2007-10-28 18:48 ` Hua Zhong
2007-10-28 19:05 ` Hua Zhong
2007-10-28 22:08 ` Crispin Cowan
2007-10-28 22:50 ` Alan Cox
2007-11-26 20:42 ` serge
2007-10-28 23:55 ` Peter Dolding
2007-10-29 5:12 ` Arjan van de Ven
2007-10-25 9:19 ` Bernd Petrovitsch
2007-10-25 16:04 ` Ray Lee
2007-10-25 17:10 ` Arjan van de Ven
2007-10-30 9:41 ` Bernd Petrovitsch
2007-10-25 1:42 ` Casey Schaufler
2007-10-27 18:22 ` Pavel Machek
2007-10-28 19:42 ` Linux Security *Module* Framework Tilman Schmidt
2007-10-28 20:46 ` Jan Engelhardt
2007-10-30 3:23 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Toshiharu Harada
2007-10-30 8:40 ` Jan Engelhardt
2007-10-30 8:50 ` Crispin Cowan
2007-10-30 9:27 ` Jan Engelhardt
2007-10-30 9:21 ` Toshiharu Harada
2007-10-25 11:44 ` Simon Arlott
2007-10-25 23:09 ` Tilman Schmidt
2007-10-26 2:56 ` Greg KH
2007-10-26 7:09 ` Jan Engelhardt
2007-10-26 15:54 ` Greg KH
2007-10-26 9:46 ` Tilman Schmidt
2007-10-26 15:58 ` Greg KH
2007-10-26 16:32 ` Simon Arlott
2007-10-27 14:07 ` eradicating out of tree modules (was: Linux Security *Module* Framework) Tilman Schmidt
2007-10-28 1:21 ` Adrian Bunk
2007-10-26 23:26 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Adrian Bunk
2007-10-27 14:47 ` eradicating out of tree modules (was: : Linux Security *Module* Framework) Tilman Schmidt
2007-10-27 17:31 ` eradicating out of tree modules Stefan Richter
2007-10-28 0:55 ` eradicating out of tree modules (was: : Linux Security *Module* Framework) Adrian Bunk
2007-10-28 9:25 ` eradicating out of tree modules Stefan Richter
2007-10-28 12:01 ` Tilman Schmidt
2007-10-28 14:37 ` Stefan Richter
2007-10-28 14:59 ` Simon Arlott
2007-10-28 16:55 ` Tilman Schmidt
2007-10-28 18:51 ` Tilman Schmidt
2007-10-28 19:25 ` Adrian Bunk
2007-10-30 0:29 ` Tilman Schmidt
2007-10-30 13:11 ` linux-os (Dick Johnson)
2007-10-30 13:19 ` Xavier Bestel
2007-10-30 15:30 ` Greg KH
2007-10-29 23:51 ` Out-of-tree modules [was: Linux Security *Module* Framework] Jan Engelhardt
2007-10-30 0:46 ` Lee Revell
2007-10-30 1:19 ` Jan Engelhardt
2007-10-27 14:08 ` Linux Security *Module* Framework (Was: LSM conversion to static interface Tetsuo Handa
2007-11-05 6:42 ` Crispin Cowan
2007-10-23 9:13 ` Jan Engelhardt
2007-10-23 5:44 ` Giacomo Catenazzi
2007-10-23 8:55 ` Jan Engelhardt
2007-10-23 9:14 ` Giacomo A. Catenazzi
2007-10-23 9:18 ` Jan Engelhardt
2007-10-23 15:20 ` Serge E. Hallyn
2007-10-23 15:28 ` Jan Engelhardt
2007-10-23 15:34 ` Serge E. Hallyn
2007-10-25 10:23 ` Valdis.Kletnieks
2007-10-19 21:07 ` James Morris
2007-10-22 1:12 ` Crispin Cowan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071023051642.GA3908@sequoia.sous-sol.org \
--to=chrisw@sous-sol.org \
--cc=agruen@suse.de \
--cc=arjan@infradead.org \
--cc=jengelh@computergmbh.de \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=thomas_fricacci@yahoo.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox