From: "David S. Miller" <davem@redhat.com>
To: greg@kroah.com
Cc: becker@scyld.com, jmorris@intercode.com.au, kuznet@ms2.inr.ac.ru,
netdev@oss.sgi.com, linux-security-module@wirex.com
Subject: Re: [PATCH] LSM networking: skb hooks for 2.5.42 (2/7)
Date: Tue, 15 Oct 2002 13:10:37 -0700 (PDT) [thread overview]
Message-ID: <20021015.131037.96602290.davem@redhat.com> (raw)
In-Reply-To: <20021015201209.GE15864@kroah.com>
From: Greg KH <greg@kroah.com>
Date: Tue, 15 Oct 2002 13:12:09 -0700
Those invocations also take up no measurable time :)
I simply don't care. They take up space in my kernel.
Yes, the size of the *.o files in the security directory can be shrunk a
bit:
text data bss dec hex filename
6765 776 8 7549 1d7d built-in.o
3280 392 4 3676 e5c capability.o
1772 384 0 2156 86c dummy.o
1713 0 4 1717 6b5 security.o
It's a whopping 32K on sparc64, and that is only counting
the security/*.o objects.
Have you added up the text taken up comparing having
the security_ops->foo() stuff there and having it removed
in the rest of the entire tree?
Have you considered the different register and stack
allocations and code generations differences that occur
because this nop function call invocation is there?
It is not FREE, it has overhead, and this is a fact.
I'm so surprised the embedded people aren't all over
this. If I was an embedded person, CONFIG_SECURITY=n
would be one of the top things on my list.
> You must allow the user to config this stuff out of their tree.
No, I only think the network stuff should be allowed to be compiled
away, not the other hooks (ipc and vfs).
I totally disagree, CONFIG_SECURITY=n is mandatory.
If you don't work on this change, then I will get someone
else to do it.
I will not even look at the networking LSM bits until
CONFIG_SECURITY=n is available.
next prev parent reply other threads:[~2002-10-15 20:10 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-15 14:36 [PATCH] LSM networking: skb hooks for 2.5.42 (2/7) James Morris
2002-10-15 17:40 ` David S. Miller
2002-10-15 18:14 ` Donald Becker
2002-10-15 19:16 ` Greg KH
2002-10-15 19:34 ` David S. Miller
2002-10-15 19:45 ` Greg KH
2002-10-15 19:45 ` David S. Miller
2002-10-15 20:12 ` Greg KH
2002-10-15 20:10 ` David S. Miller [this message]
2002-10-15 20:28 ` Greg KH
2002-10-15 20:24 ` David S. Miller
2002-10-16 0:07 ` [RFC] change format of LSM hooks Greg KH
2002-10-16 0:03 ` David S. Miller
2002-10-16 8:15 ` Greg KH
2002-10-16 18:59 ` Greg KH
2002-10-16 19:07 ` Greg KH
2002-10-17 1:41 ` Rusty Russell
2002-10-17 3:33 ` Daniel Phillips
2002-10-17 13:21 ` Christoph Hellwig
2002-10-17 16:55 ` Greg KH
2002-10-19 2:33 ` [PATCH] LSM networking: skb hooks for 2.5.42 (2/7) Keith Owens
2002-10-19 2:54 ` Keith Owens
2002-10-19 3:29 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021015.131037.96602290.davem@redhat.com \
--to=davem@redhat.com \
--cc=becker@scyld.com \
--cc=greg@kroah.com \
--cc=jmorris@intercode.com.au \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-security-module@wirex.com \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).