From: Casey Schaufler <casey@schaufler-ca.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: Eric Paris <eparis@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, hch@infradead.org,
zohar@us.ibm.com, warthog9@kernel.org, david@fromorbit.com,
jmorris@namei.org, kyle@mcmartin.ca, hpa@zytor.com,
akpm@linux-foundation.org
Subject: Re: [PATCH 1/3] IMA: move read/write counters into struct inode
Date: Fri, 22 Oct 2010 10:50:05 -0700 [thread overview]
Message-ID: <4CC1CECD.3090501@schaufler-ca.com> (raw)
In-Reply-To: <20101022084800.GB9722@elte.hu>
On 10/22/2010 1:48 AM, Ingo Molnar wrote:
> * Casey Schaufler <casey@schaufler-ca.com> wrote:
>
>> On 10/20/2010 8:15 AM, Ingo Molnar wrote:
>>> * Eric Paris <eparis@redhat.com> wrote:
>>>
>>>> On Wed, 2010-10-20 at 16:38 +0200, Ingo Molnar wrote:
>>>>> * Eric Paris <eparis@redhat.com> wrote:
>>>>>
>>>>>> Executive summary of the day's work:
>>>>>> Yesterday morning: 944 bytes per inode in core
>>>>>> Yesterday night: 24 bytes per inode in core
>>>>>> Tonight: 4 bytes per inode in core.
>>>>>>
>>>>>> That's a x236 time reduction in memory usage. No I didn't even start looking
>>>>>> at a freezer. Which could bring that 4 down to 0, but would add a scalability
>>>>>> penalty on all inodes when IMA was enabled.
>>>>> Why not use inode->i_security intelligently? That already exists so that way
>>>>> it's 0 bytes.
>>>>>
>>>>> Thanks,
>>>> It still wouldn't be 0 bytes since there would be a 1-1 mapping from inode to
>>>> i_security structs. [...]
>>> Only for IMA-affected files, right?
>>>
>>> My point is to keep it 0 overhead for the _non IMA common case_.
>>>
>>>> The real reason I don't pursue this route is because of the litany of different
>>>> ways this pointer is used in different LSMs (or not used at all.) And we all know
>>>> that LSM authors aren't known for seeing the world the same way as each other. As
>>>> a maintainer of one of those LSMs even I'm scared to try pushing that forward....
>>> Ugh. That's a perfect reason to do it exactly like i suggested.
>> If you would like to make a proposal on LSM stacking other than the traditional
>> "rip the LSM out" I am sure that everyone in the IMA, SELinux, TOMOYO, AppArmor
>> and Smack communities would be happy to have a look. Short of having a viable
>> mechanism for multiple LSMs to coexist IMA needs its separate space. Yes, people
>> do use both IMA and LSMs on the same machine at the same time.
> Yes, that's the essence of what i suggested: if various security concepts can be
> present at once then inode->security should not be a stupid pointer to a single,
> exclusive data structure (because that hardwires a "only a single security subsystem
> active" assumption), but should be a pointer to a linked list of security structures
> - as many as there are security subsystems interested in that inode.
Glad to see support for an LSM module stacker (modulator, combiner, ...)
growing. All we really need to do is get someone a case of the beverage
of their choice and turn them loose on the problem. I think that the few
anti-stacking holdouts (I was one, but converted a couple years ago) can
be swayed by a reasonable implementation. It won't be easy, there are
plenty of problems that need to be solved, but anyone who wants easy
should stick to developing web portals and stay out of the kernel.
>
> Thanks,
>
> Ingo
prev parent reply other threads:[~2010-10-22 17:50 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20101019011650.25346.99614.stgit@paris.rdu.redhat.com>
[not found] ` <20101019013037.GA31393@infradead.org>
[not found] ` <1287454443.2530.124.camel@localhost.localdomain>
[not found] ` <20101019073901.GB11284@dastard>
2010-10-19 16:24 ` [PATCH 1/3] IMA: move read/write counters into struct inode Eric Paris
2010-10-19 16:29 ` Christoph Hellwig
[not found] ` <AANLkTimGdjPyLXuknDNa7WNthDT9+2FdOuPdxwjRiMHD@mail.gmail.com>
2010-10-19 16:36 ` Eric Paris
2010-10-19 16:55 ` Al Viro
2010-10-19 17:03 ` Linus Torvalds
2010-10-19 17:28 ` Al Viro
2010-10-19 18:16 ` Mimi Zohar
2010-10-20 13:10 ` John Stoffel
2010-10-20 13:36 ` Al Viro
2010-10-20 14:09 ` John Stoffel
2010-10-19 19:11 ` Matthew Wilcox
2010-10-20 3:15 ` Al Viro
2010-10-20 17:38 ` J. Bruce Fields
2010-10-19 22:49 ` Eric Paris
2010-10-20 14:38 ` Ingo Molnar
2010-10-20 14:46 ` Eric Paris
2010-10-20 15:15 ` Ingo Molnar
2010-10-20 15:25 ` Eric Paris
2010-10-21 16:15 ` Casey Schaufler
2010-10-22 8:48 ` Ingo Molnar
2010-10-22 17:50 ` Casey Schaufler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CC1CECD.3090501@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=jmorris@namei.org \
--cc=kyle@mcmartin.ca \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=warthog9@kernel.org \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox