From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: Mimi Zohar <zohar@us.ibm.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Al Viro <viro@ZenIV.linux.org.uk>,
Stephen Smalley <sds@tycho.nsa.gov>,
James Morris <jmorris@namei.org>,
Randy Dunlap <randy.dunlap@oracle.com>,
safford@watson.ibm.com, serue@linux.vnet.ibm.com,
sailer@watson.ibm.com, Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: Re: [PATCH 3/4] integrity: Linux Integrity Module(LIM)
Date: Tue, 12 Aug 2008 16:19:19 -0500 [thread overview]
Message-ID: <20080812211919.GA29721@us.ibm.com> (raw)
In-Reply-To: <20080812192741.GB18034@infradead.org>
Quoting Christoph Hellwig (hch@infradead.org):
> On Mon, Aug 11, 2008 at 12:02:55PM -0500, Serge E. Hallyn wrote:
> > > > Sorry, but I don't think we can bloat the inode even further for this.
> > >
> > > The original version of IMA was LSM based, using i_security. Based
> > > on discussions on the LSM mailing list, it was decided that the LSM hooks
> > > were meant only for access control. During the same time frame, there
> > > was a lot of work done in stacking LSM modules and i_security, but that
> > > approach was dropped. It was suggested that we define a separate set of
> > > hooks for integrity, which this patch set provides. Caching integrity
> > > results is an important aspect. Any suggestions in lieu of defining
> > > i_integrity?
> >
> > The i_integrity is only bloating the inode if LIM is enabled. Surely
> > that beats having LIM define its own hash table and locking to track
> > integrity labels on inodes? Do you have another suggestion?
> >
> > Or is the concern about having more #ifdefs in the struct inode
> > definition?
>
> No, the concern is over bloating the inode for a rather academic fringe
> feature. As this comes from IBM I'm pretty sure someone will pressure
> the big distro to turn it on.
By default?? I should hope not...
Note that these are all not loadable modules. So presumably either it's
in the kernel and enforcing, or it's not there.
> And inode growth is a concern for
> fileserving or other inode heavy workload. Mimi mentioned this is just
> a cache of information, so consider using something like XFS's mru cache
> which is used for something similar where the xfs_inode was kept small
> despite a very niche feature needing a cache attached to the inode:
>
> fs/xfs/xfs_mru_cache.c
ok, so basically as I said above
> > ... having LIM define its own hash table and locking to track
> > integrity labels on inodes?
:)
But then that is in fact the better way to go if there can be a lot
of inodes with i_integrity=NULL. It looks like IMA always allocates
something, but if I understand the idea behind templates correctly,
that isn't necessarily always the case.
thanks,
-serge
next prev parent reply other threads:[~2008-08-12 21:19 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080808184349.999902616@linux.vnet.ibm.com>
2008-08-08 18:55 ` [PATCH 1/4] integrity: TPM internel kernel interface Mimi Zohar
2008-08-09 18:46 ` Christoph Hellwig
2008-08-11 21:13 ` Mimi Zohar
2008-08-12 19:30 ` Christoph Hellwig
2008-08-12 20:57 ` Kenneth Goldman
2008-08-12 21:36 ` Alan Cox
2008-08-13 13:46 ` Kenneth Goldman
2008-08-13 13:40 ` Alan Cox
2008-08-13 14:45 ` Christoph Hellwig
2008-08-13 16:39 ` Kenneth Goldman
2008-08-12 23:16 ` Greg KH
2008-08-13 13:58 ` Kenneth Goldman
2008-08-13 16:56 ` Mimi Zohar
2008-08-14 11:12 ` Pavel Machek
2008-08-15 10:37 ` Peter Dolding
2008-08-15 18:50 ` Kenneth Goldman
2008-08-15 19:22 ` Valdis.Kletnieks
2008-08-15 21:17 ` Alan Cox
2008-08-18 15:01 ` Kenneth Goldman
2008-08-08 18:55 ` [PATCH 2/4] integrity: special fs magic Mimi Zohar
2008-08-08 19:04 ` Greg KH
2008-08-08 19:15 ` Greg KH
2008-08-08 19:50 ` Mimi Zohar
2008-08-08 23:07 ` Greg KH
2008-08-09 18:47 ` Christoph Hellwig
2008-08-10 13:48 ` Mimi Zohar
2008-08-08 19:36 ` Mimi Zohar
2008-08-08 23:15 ` Christoph Hellwig
2008-08-08 18:56 ` [PATCH 3/4] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-08-09 18:53 ` Christoph Hellwig
2008-08-10 13:52 ` Mimi Zohar
2008-08-11 17:02 ` Serge E. Hallyn
2008-08-11 19:08 ` Mimi Zohar
2008-08-11 19:56 ` Serge E. Hallyn
2008-08-12 8:41 ` Peter Dolding
2008-08-12 19:29 ` Christoph Hellwig
2008-08-13 10:44 ` Peter Dolding
2008-08-13 14:11 ` David Howells
2008-08-13 22:57 ` Peter Dolding
2008-08-13 17:03 ` Mimi Zohar
2008-08-12 19:27 ` Christoph Hellwig
2008-08-12 21:19 ` Serge E. Hallyn [this message]
2008-08-13 17:03 ` Mimi Zohar
2008-08-12 19:25 ` Christoph Hellwig
2008-08-08 18:56 ` [PATCH 4/4] integrity: IMA as an integrity service provider Mimi Zohar
2008-08-08 20:06 ` Randy Dunlap
2008-10-07 18:00 [PATCH 0/4] integrity Mimi Zohar
2008-10-07 18:00 ` [PATCH 3/4] integrity: Linux Integrity Module(LIM) Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080812211919.GA29721@us.ibm.com \
--to=serue@us.ibm.com \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=randy.dunlap@oracle.com \
--cc=safford@watson.ibm.com \
--cc=sailer@watson.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=serue@linux.vnet.ibm.com \
--cc=viro@ZenIV.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox