LSS: LSM roundtable
Posted Sep 15, 2011 17:05 UTC (Thu) by BenHutchings
Parent article: LSS: LSM roundtable
Debian currently only compiles one LSM (SELinux) into its kernel due to the memory that gets wasted by the unused code for inactive LSMs.
Actually we have TOMOYO as well.
But Cook said all that was really needed was a way to unload all but the active LSM. As long as this unloading mechanism didn't touch the active LSM, and that the feature itself was optional, no one seemed to object to it. So it is mostly just a matter of someone finding the time to write the code.
This remains on my to-do list. I did make a start on this, and got as far as crashing the kernel at boot. ;-)