On Mon, Oct 18, 2010 at 12:48:54PM -0400, Eric Paris wrote: > I'll can address this on the fedora list, but I think this is the wrong > approach. IMA is supposed to be of negligible impact when not 'enabled' > and I believe the right solution is to fix places where that isn't true. > At the moment 3 have been identified. > My beef is #2, which is what I want to see solved. If there's a million people using Fedora, and 2 people use IMA, that's an awful lot of bytes that could be otherwise used. I think it should be entirely opt in, with a CONFIG_IMA_DEFAULT_ON or something like we do for security hooks. Anyway, If you can address #2, then I'm happy having it enabled. If it's taken us this long to notice the impact, then it doesn't seem to be all that large in the general case, and if it can be reduced, then that should make everyone happy. --Kyle _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
