[redhat-lspp] LSPP Development Telecon 11/28/2005 Minutes
Steve Grubb
sgrubb at redhat.com
Tue Nov 29 15:38:37 UTC 2005
On Tuesday 29 November 2005 10:13, Stephen Smalley wrote:
> It is certainly easier to implement, and we can then revisit it if we
> find that it is too costly.
OK.
> Not clear it truly affects every single syscall anyway; these filters
> should be selective.
Yep. Every rule that is in entry and exit rule lists get evaluated every
syscall unless there is a rule evaluates true. Its brute force. Looking at
better ways of doing this was on the work proposal from back in
September...but I don't think its being looked at by anyone. Until then, its
brute force.
-Steve
More information about the redhat-lspp
mailing list