Re: ima: use of radix tree cache indexing == massive waste of memory?

From: Kyle McMartin
Date: Mon Oct 18 2010 - 13:11:09 EST


On Mon, Oct 18, 2010 at 12:48:54PM -0400, Eric Paris wrote:
> I can address this on the fedora list, but I think this is the wrong
> approach. IMA is supposed to be of negligible impact when not 'enabled'
> and I believe the right solution is to fix places where that isn't true.
> At the moment 3 have been identified.
>

My beef is #2, which is what I want to see solved. If there's a million
people using Fedora, and 2 people use IMA, that's an awful lot of bytes
that could be otherwise used.

I think it should be entirely opt in, with a CONFIG_IMA_DEFAULT_ON or
something like we do for security hooks.

Anyway, if you can address #2, then I'm happy having it enabled. If it's
taken us this long to notice the impact, then it doesn't seem to be
all that large in the general case, and if it can be reduced, then that
should make everyone happy.

--Kyle