|From:||Serge Hallyn <email@example.com>|
|To:||Chris Wright <firstname.lastname@example.org>, Andrew Morton <email@example.com>, lkml <firstname.lastname@example.org>|
|Subject:||[RFC] [PATCH] [0/6] LSM Stacking|
|Date:||Thu, 04 Nov 2004 17:04:31 -0600|
The following set of patches add support required to stack most LSMs. The most important patch is the first, which provides a method for more than one LSM to annotate information to kernel objects. LSM's known to use the LSM fields include selinux, bsdjail, seclvl, and digsig. Without this patch (or something like it), none of these modules can be used together. The rest of the patches add stacking support to the existing LSMs. Another set of three patches will be sent containing a stackable version of bsdjail. I have run some performance tests on a Fedora Core Devel system under three configurations: 1. A 2.6.10-rc1-bk10 system with capabilities and SELinux compiled into the kernel as it was in the default Fedora kernel. 2. A 2.6.10-rc1-bk10 system with the stacking patches, and capabilities and SELinux compiled into the kernel under the stacker LSM. Other than stacker being compiled in and the size of the LSM void* array being set to 4, the exact same .config was used. 3. The same kernel as in (2), but with bsdjail and seclvl also stacked. On each of these configurations, I ran unixbench twice, and compiled a kernel twice (with the same .config, and all files in the cached each time). The kernel compilation results are as follows: No stacking (1) Stacking (2) More Stacking (3) Run 1 real 9m51.647s real 9m48.045s real 9m53.292s user 8m28.637s user 8m29.108s user 8m33.319s sys 1m13.900s sys 1m14.993s sys 1m15.377s Run 2 real 9m48.154s real 9m53.369s real 9m53.292s user 8m28.983s user 8m29.101s user 8m34.407s sys 1m13.981s sys 1m15.307s sys 1m15.611s Run 3 real 9m51.105s real 9m51.840s real 9m58.840s user 8m28.894s user 8m29.192s user 8m33.538s sys 1m14.183s sys 1m15.345s sys 1m16.146s Unixbench summaries are as follows. (I can send the full output if anyone asks) No stacking (1) Stacking (2) More Stacking (3) Run 1 651.5 647.1 634.3 Run 2 648.2 642.8 632.7 -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to email@example.com More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds