| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Aug 2008 16:19:19 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: Christoph Hellwig <hch@...radead.org> Cc: Mimi Zohar <zohar@...ibm.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Al Viro <viro@...IV.linux.org.uk>, Stephen Smalley <sds@...ho.nsa.gov>, James Morris <jmorris@...ei.org>, Randy Dunlap <randy.dunlap@...cle.com>, safford@...son.ibm.com, serue@...ux.vnet.ibm.com, sailer@...son.ibm.com, Mimi Zohar <zohar@...ux.vnet.ibm.com> Subject: Re: [PATCH 3/4] integrity: Linux Integrity Module(LIM) Quoting Christoph Hellwig (hch@...radead.org): > On Mon, Aug 11, 2008 at 12:02:55PM -0500, Serge E. Hallyn wrote: > > > > Sorry, but I don't think we can bloat the inode even further for this. > > > > > > The original version of IMA was LSM based, using i_security. Based > > > on discussions on the LSM mailing list, it was decided that the LSM hooks > > > were meant only for access control. During the same time frame, there > > > was a lot of work done in stacking LSM modules and i_security, but that > > > approach was dropped. It was suggested that we define a separate set of > > > hooks for integrity, which this patch set provides. Caching integrity > > > results is an important aspect. Any suggestions in lieu of defining > > > i_integrity? > > > > The i_integrity is only bloating the inode if LIM is enabled. Surely > > that beats having LIM define its own hash table and locking to track > > integrity labels on inodes? Do you have another suggestion? > > > > Or is the concern about having more #ifdefs in the struct inode > > definition? > > No, the concern is over bloating the inode for a rather academic fringe > feature. As this comes from IBM I'm pretty sure someone will pressure > the big distro to turn it on. By default?? I should hope not... Note that these are all not loadable modules. So presumably either it's in the kernel and enforcing, or it's not there. > And inode growth is a concern for > fileserving or other inode heavy workload. Mimi mentioned this is just > a cache of information, so consider using something like XFS's mru cache > which is used for something similar where the xfs_inode was kept small > despite a very niche feature needing a cache attached to the inode: > > fs/xfs/xfs_mru_cache.c ok, so basically as I said above > > ... having LIM define its own hash table and locking to track > > integrity labels on inodes? :) But then that is in fact the better way to go if there can be a lot of inodes with i_integrity=NULL. It looks like IMA always allocates something, but if I understand the idea behind templates correctly, that isn't necessarily always the case. thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists