On Sun, Jun 13, 2004 at 03:36:48PM +0000, Luke Kenneth Casson Leighton wrote: > * debian kernels need to be available compiled with se/linux security > enabled (and boot-time optional) by default. this results in a > 2% performance hit (wow big deal) when se/linux is not enabled > at boot time. Gentoo, SuSE and Fedora all accept this 2%.
It's actually disabled again (compiled in but disabled) in SuSE because the performance hit was much much worse. And I remember benchmark numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64 by more than 10%. I'd vote strongy against enabling LSM in the Debian kernel images. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
