[arch-general] [arch-dev-public] Trimming down our default kernel configuration

Simon Brand simon.brand at postadigitale.de
Thu Mar 27 10:24:43 EDT 2014


On 27.03.2014 13:46, Thomas Bächler wrote:
> Do you even know what that means? If I see this right, every time 
> the kernel needs to do some permission check, it needs to ask "are 
> we using LSM xyz?". In any case, it's more code and thus more room 
> for failure.

Not necessarily. I do not know the code of all the policy enforcement
points, but if you have a function pointer to the policy decision
function, you only have to query this function. So if you enable
SELinux, you let the pointer point to the SELinux function.


Maybe you don't understand what I mean because of my bad English; here
is some example code:

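/* Pointer to the policy decision function */
int (*func)( char *arg, ... );
int SELinux_pdp( char *arg, ... ) { /* Code */ }
int pdp( char *arg, ... ) { /* Code */ }

/* Point func at the SELinux function if SELinux is enabled */
if( SELinux ) {
	func = &SELinux_pdp;
} else {
	func = &pdp;
}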


So you only have to call func( arg, ... ) and test the returned value.


Besides that, I'd prefer a smaller kernel, too.

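The dispatch described in this message, as an added example that is not part of the original post and is not kernel code: the decision function is chosen once in pdp_select(), so check_permission() never tests which module is in use. All names, the sample policy and the fail-closed deny_all_pdp default are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; a user-space sketch, not kernel code. */
enum { PDP_ALLOW = 0, PDP_DENY = -1 };
typedef int (*pdp_fn)(const char *subject, const char *object);

/* Constructed sample policy: only "trusted_t" may access /etc/shadow. */
static int selinux_pdp(const char *subject, const char *object)
{
    if (strcmp(object, "/etc/shadow") == 0 && strcmp(subject, "trusted_t") != 0)
        return PDP_DENY;
    return PDP_ALLOW;
}

/* Stand-in for the built-in check when no module is enabled. */
static int default_pdp(const char *subject, const char *object)
{
    (void)subject; (void)object;
    return PDP_ALLOW;
}

/* Assumption: before any selection, every request is refused. */
static int deny_all_pdp(const char *subject, const char *object)
{
    (void)subject; (void)object;
    return PDP_DENY;
}

static pdp_fn active_pdp = deny_all_pdp;  /* never NULL, fails closed */
static unsigned long selection_branches;  /* counts "is SELinux on?" tests */

/* The only place that asks which module is in use. */
void pdp_select(int selinux_enabled)
{
    selection_branches++;
    active_pdp = selinux_enabled ? selinux_pdp : default_pdp;
}

/* Policy enforcement point: one indirect call, no per-module branch. */
int check_permission(const char *subject, const char *object)
{
    return active_pdp(subject, object);
}

int main(void)
{
    pdp_select(1);
    printf("user_t -> /etc/shadow: %d\n", check_permission("user_t", "/etc/shadow"));
    printf("selection tests so far: %lu\n", selection_branches);
    return 0;
}
```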

