... Cowan¹

This work supported in part by DARPA Contract N66001-00-C-8032 (Autonomix)

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... Smalley²

This work supported by NSA Contract MDA904-01-C-0926 (SELinux)

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... Kroah-Hartman³

This work represents the view of the authors and does not necessarily represent the view of IBM. But that sentence did.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... devices).⁴

The glib answer is that the Linux kernel already provides those features and there would be nothing for us to do :-)

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... restrictive⁵

Caveat: the capable() hook, which is needed to support POSIX.1e capabilities, can override DAC checks, see Section 3.8.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... functions.⁶

However, it is not a programmer's guide.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... created⁷

In some cases, super_blocks are recycled.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... loaded.⁸

The performance costs of each module are the responsibility of the module's authors.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... impact.⁹

In fact, the LSM case was actually faster, but we regard that as an experimental anomaly, and do not claim that LSM is a performance optimization :-)

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.