From: Casey Schaufler <casey@schaufler-ca.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul Moore <paul@paul-moore.com>,
selinux@vger.kernel.org,
LSM List <linux-security-module@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [GIT PULL] SELinux patches for v5.8
Date: Wed, 3 Jun 2020 11:05:32 -0700 [thread overview]
Message-ID: <90feeea2-26b5-0552-f763-5f327a313669@schaufler-ca.com> (raw)
In-Reply-To: <CAHk-=wgkZROyMpBa8EKPDVK=SvurnrzJXgphQ8Fstx8rrfO6MQ@mail.gmail.com>
On 6/3/2020 10:37 AM, Linus Torvalds wrote:
> On Wed, Jun 3, 2020 at 10:20 AM Casey Schaufler <casey@schaufler-ca.com> wrote:
>> We could have inode->i_security be the blob, rather than a pointer to it.
>> That will have its own performance issues.
> It wouldn't actually really fix anything, because the inode is so big
> and sparsely accessed that it doesn't even really help the cache
> density issue. Yeah, it gets rid of the pointer access, but that's
> pretty much it. The fact that we randomize the order means that we
> can't even really try to aim for any cache density.
Well, it was a thought.
> And it would actually not be possible with the current layered
> security model anyway, since those blob sizes are dynamic at runtime.
The model would have to change. The dynamic blob size is an artifact
of the model, not a driver.
> If we had _only_ SELinux, we could perhaps have hidden the
> sid/sclass/task_sid directly in the inode (it would be only slightly
> larger than the pointer is, anyway), but even that ship sailed long
> long ago due to the whole "no security person can ever agree with
> another one on fundamentals".
Not to mention that the security landscape keeps changing.
> So don't try to blame the rest of the system design.
That wasn't my intent. Apologies.
> This is on the
> security people. We've been able to handle other layers fairly well
> because they generally agree on fundamentals (although it can take
> decades before they then end up merging their code - things like the
> filesystem people standardizing on iomap and other core concepts). And
> as mentioned, when there is agreed-upon security rules (ie "struct
> cred") we've been able to spend the effort to architect it so that it
> doesn't add unnecessary overheads.
>
> Linus
next prev parent reply other threads:[~2020-06-03 18:05 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-02 1:06 [GIT PULL] SELinux patches for v5.8 Paul Moore
2020-06-03 0:31 ` Linus Torvalds
2020-06-03 17:20 ` Casey Schaufler
2020-06-03 17:37 ` Linus Torvalds
2020-06-03 18:05 ` Casey Schaufler [this message]
2020-06-03 21:02 ` Alexei Starovoitov
2020-06-03 22:00 ` Casey Schaufler
2020-06-03 23:38 ` Alexei Starovoitov
2020-06-03 22:12 ` James Morris
2020-06-03 22:38 ` Casey Schaufler
2020-06-04 2:13 ` James Morris
2020-06-04 12:45 ` Stephen Smalley
2020-06-04 15:28 ` Casey Schaufler
2020-06-04 15:33 ` Stephen Smalley
2020-06-03 23:35 ` Paul Moore
2020-06-03 1:10 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=90feeea2-26b5-0552-f763-5f327a313669@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).