On 6/3/2013 4:18 PM, Eric Paris wrote:
> On Tue, 2013-06-04 at 06:31 +0900, Linus Torvalds wrote:
>>
>> On Mon, 3 Jun 2013, Eric Paris wrote:
>>>
>>> #ifdef CONFIG_SECURITY
>>> + seqcount_t i_security_seqcount;
>>> + u32 i_last_task_sid;
>>> + u32
On 6/3/2013 1:26 PM, Casey Schaufler wrote:
> On 6/3/2013 11:59 AM, Eric Paris wrote:
>> This patch adds a cache of selinux security checks into struct inode.
> This violates the security blob architecture of the LSM.
>
> Security module specific optimizations in the VFS layer are
> probably going
On Tue, 2013-06-04 at 06:31 +0900, Linus Torvalds wrote:
>
>
> On Mon, 3 Jun 2013, Eric Paris wrote:
> >
> > #ifdef CONFIG_SECURITY
> > + seqcount_t i_security_seqcount;
> > + u32 i_last_task_sid;
> > + u32 i_last_granting;
> > +
On Mon, 3 Jun 2013, Eric Paris wrote:
>
> #ifdef CONFIG_SECURITY
> + seqcount_t i_security_seqcount;
> + u32 i_last_task_sid;
> + u32 i_last_granting;
> + u32 i_last_perms;
> + u32
On 6/3/2013 11:59 AM, Eric Paris wrote:
> This patch adds a cache of selinux security checks into struct inode.
This violates the security blob architecture of the LSM.
Security module specific optimizations in the VFS layer are
probably going to be pointless if (when) we go to stackable
security
This patch adds a cache of selinux security checks into struct inode.
It is protected by the seq counter against updates by other nodes. This
has a measurable impact on one benchmark Linus mentioned. The cpu
time using make to check a huge project for changes. It is going to
have a negative impa
6 matches
Mail list logo