FS#38621 - [linux] Enable the Smack LSM

Attached to Project: Arch Linux
Opened by Patrick McCarty (pnorcks) - Wednesday, 22 January 2014, 23:58 GMT
Last edited by Dave Reisner (falconindy) - Tuesday, 04 February 2014, 00:25 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
I am working on a userspace program that interfaces with the smackfs used by the Smack LSM. It would be useful if the stock kernel can enable the Smack LSM.

The only additional config option I need to set is:

CONFIG_SECURITY_SMACK=y


Additional info:
* package version: linux 3.12.8-1
This task depends upon

Closed by  Dave Reisner (falconindy)
Tuesday, 04 February 2014, 00:25 GMT
Reason for closing:  Won't implement
Additional comments about closing:  see comments
Comment by Dave Reisner (falconindy) - Thursday, 23 January 2014, 02:56 GMT
This seems like a pretty specific case that shouldn't really warrant enabling for thousands of users. Can you not just compile a kernel with smack to use for yourself while you're developing? Enabling LSMs is always a mixed bag because of the side effects that they inevitably come with compounded by Arch devs' general apathy towards supporting the already huge array of options we enable for the distro kernel.
Comment by Patrick McCarty (pnorcks) - Tuesday, 04 February 2014, 00:22 GMT
After discussing this with the Smack maintainer, I think it would be best to retract this feature request.

The primary reasons are:

1. Smack is not a widely-used LSM at present, so the majority of Arch users are unlikely to use it.
2. Enabling Smack is not "free", as I originally thought; it most noticeably impacts network performance.

So, I will continue to compile my own Smack-enabled kernel for now as long as I require the functionality.

Loading...