MAC kernel option

[Chris Wright]

* Scott Long (scottl at samsco.org) wrote:
> I think that it would be very good to take a _very_ close look at the 
> experience that Fedora has had with enabling the linux framework by
> default.

Fedora enabled SELinux which is more than just the framework.  However,
we don't do the same allocation to provide for policy composition that you
do.  So enabling SELinux just incurs the SELinux overhead (and of course
that task of making sure the system still runs and has a sane policy).

The biggest performance penalty there was scalability.  SELinux used a
single avc lock for each access control decicision which scaled poorly
to large SMP (since been fixed to use RCU).  Biggest issue was probably
usability.  Original rollout was with a strict policy (every task
runs confined by some policy).  This broke too many things too often,
so confinement method was changed to a targeted policy (effectively
confine only sensitive network facing services).

We've looked at adding the ability to compose policy modules in LSM and
done some performance benchmarking to look at the overheads associated
with the extra space per-object.  Nothing too surprising there, tends
to show up (reasonably low-overhead) on microbenchmarks, less so
(though depending on actual benchmark, and method being benchmarked)
in macrobenchmarks.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message