Seven Areas Where Linux Could Get Better

Not all these features will get in, showing the stop-and-go road for improvements to make their way into the Linux kernel.

Everyone wants more secure systems. Novell distributes AppArmor with its SUSE Linux Enterprise Server 10 as a way of limiting how much of the operating system an application can access, thus limiting the damage if the app is accessed without authorization. Still, it's not likely to be included in the kernel any time soon.

A key Linux security authority, Stephen Smalley--developer of another security scheme, SELinux--argues that AppArmor couldn't be merged into the kernel because its protective mechanism is based on a "pathname" approach, essentially a whitelisting scheme in which AppArmor allows access to only those named files for an application, and all others are excluded. According to a report last year by Jonathan Corbet, Smalley believes an artful intruder could use the approved pathnames to guess additional names, creating an unwanted exposure.

Kernel maintainer Andrew Morton agrees that this fundamental objection to the pathname approach has kept AppArmor out of the kernel. "I'm not a security programmer," he says. "I don't know how to get that one unstuck."

System Diagnostics

Solaris has DTrace for probing what's going on in the heart of the operating system, but Linux is short of user-friendly diagnostic tools. One of the few existing tools is ptrace, which lets one process track the actions of another. But ptrace is clumsy to use and prone to error, and now a replacement, utrace, has made it as far as Morton's memory management tree, one of the last hurdles before submission to Linus Torvalds. Utrace can track the behavior of a process as it's executed by a program, without some of ptrace's problems, but it still causes locking problems in the kernel. Corbet predicts inclusion is unlikely in the next kernel.

File Systems

The Reiser4 file system has been under consideration for addition to the kernel, which already contains 30 file systems. It's a large file management system, good at handling a large number of small files while using the minimum of disk space, according to Hans Reiser's documentation.

The file system requires a file operation to either be completed or disallowed, eliminating the hazard of files corrupted by half-completed operations. It would seem ideal for many Linux uses, but after years of debate, Reiser4 hasn't made it into the kernel. It doesn't fit well with parts of the kernel, and Reiser has dropped out as lead developer. "It will need a new champion if it is to eventually become part of mainline Linux," wrote Corbet in his forecast on its prospects earlier this month.

ZFS, Sun Microsystems' 128-bit file system, multiplies Linux's address space beyond the needs of the largest systems in use today. Parties that admire it point out that its open source code should be considered for the kernel. But its current license isn't compatible with Linux GPL.

Power Management

Linux lags in power management, where Windows laptops have scored impressive gains, spurring Intel engineers, kernel developers Molnar and Thomas Gleixner, and others to push for progress. A year ago, the kernel got "tick-less idle," telling the processor to stay in an idle state when there's no work to be done. Without it, the CPU's clock would ask the kernel 1,000 times per second for something to do, chewing up electricity.

Dirk Hohndel, chief Linux technologist at Intel, expects more improvements to power management. But any change between the kernel and the system clock threatens many other interactions. "These things can be very difficult and take a long time," he says. "I think that's the right way to do it."

Illustration by Dale Stephanos

Return to the story:
How Linux Is Testing The Limits Of Open Source Development