At Sun, 13 Jun 2004 19:01:46 +0200, Christoph Hellwig wrote: > On Sun, Jun 13, 2004 at 03:36:48PM +0000, Luke Kenneth Casson Leighton wrote: > > * debian kernels need to be available compiled with se/linux security > > enabled (and boot-time optional) by default. this results in a > > 2% performance hit (wow big deal) when se/linux is not enabled > > at boot time. Gentoo, SuSE and Fedora all accept this 2%. > > It's actually disabled again (compiled in but disabled) in SuSE because > the performance hit was much much worse. And I remember benchmark > numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64 > by more than 10%. I'd vote strongy against enabling LSM in the Debian > kernel images.
If it's true, I agree that we don't enable it in default. Regards, -- gotom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
