On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
> On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> > is there room for improvement in security_port_sid() ?
>
> Yes, lots of room. Also, it won't get called per-packet if you enable
> secmark (echo 0 > /selinux/compat_net or boo
On Tue, 27 Mar 2007, Sami Farin wrote:
> On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
> > On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> > > is there room for improvement in security_port_sid() ?
> >
> > Yes, lots of room. Also, it won't get called per-packet if you ena
On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> is there room for improvement in security_port_sid() ?
Yes, lots of room. Also, it won't get called per-packet if you enable
secmark (echo 0 > /selinux/compat_net or boot with selinux_compat_net=0
or build with SECURITY_SELINUX_ENABLE_SECMARK
is there room for improvement in security_port_sid() ?
little test with dns queries (dnsfilter (the client) on local host
using poll() and dnscache (the server) using epoll (at max 4000 concurrent
queries):
(stats for only vmlinux)
CPU: P4 / Xeon, speed 2797.32 MHz (estimated)
Counted GLOBAL_POWE
4 matches
Mail list logo