Hello.

YOSHIFUJI Hideaki wrote:
> It is not a good practice. Please free such objects.
> BTW, how many objects do you have in the list?

It varies from 0 to some thousands, depending on the policy supplied by the administrator and/or the policy appended by "learning mode".

Peter Zijlstra wrote:
> sounds like a mighty fine memory leak / dos attack.

TOMOYO Linux keeps the policy in CD-R's manner. Thus, once an entry is written, its pointer is valid forever. TOMOYO Linux's simplicity (singly-linked list with no read_lock) comes from this "keep the policy in CD-R's manner".

Yes, it is a kind of memory leak, but is controllable. The kernel no longer requires memory after entering into "enforcing mode". So, attackers can't do a DoS attack after entering into "enforcing mode".

Regards.
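The write-once, never-freed list described in the message above, as an added userspace sketch in C11 (not TOMOYO Linux code and not from the original post). All names, the path payload, and the explicit refusal to append once enforcing mode is entered are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; a userspace sketch, not TOMOYO Linux source. */
struct policy_entry {
    struct policy_entry *_Atomic next; /* written once, at publish time */
    char path[64];                     /* constructed sample payload */
};

static struct policy_entry *_Atomic policy_head;
static struct policy_entry *_Atomic *policy_tail = &policy_head; /* writer-only */
static atomic_bool enforcing;          /* false models "learning mode" */

/* Writer: callers must serialize appends (e.g. one mutex); omitted here. */
int policy_append(const char *path)
{
    if (atomic_load(&enforcing))
        return -1;                     /* assumption: no growth once enforcing */
    struct policy_entry *e = malloc(sizeof(*e));
    if (!e) return -1;
    atomic_init(&e->next, NULL);
    snprintf(e->path, sizeof(e->path), "%s", path);
    /* Release store: the entry's contents are visible before its pointer. */
    atomic_store_explicit(policy_tail, e, memory_order_release);
    policy_tail = &e->next;
    return 0;
}

/* Reader: no lock; safe only because entries are never unlinked or freed. */
bool policy_allows(const char *path)
{
    struct policy_entry *e = atomic_load_explicit(&policy_head, memory_order_acquire);
    for (; e; e = atomic_load_explicit(&e->next, memory_order_acquire))
        if (strcmp(e->path, path) == 0)
            return true;
    return false;
}

void policy_enter_enforcing(void) { atomic_store(&enforcing, true); }

int main(void)
{
    policy_append("/bin/sh");          /* learned while in learning mode */
    policy_enter_enforcing();
    printf("%d %d\n", policy_allows("/bin/sh"), policy_append("/tmp/x"));
    return 0;
}
```

The trade-off under discussion is visible in `policy_append`: memory consumed by the list can only grow while the mode flag is clear, so the bound on the "leak" is whatever was appended before the switch.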