Re: [PATCH] scm: fold __scm_send() into scm_send()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Stephen and James,

Looks like the selinux_sk_ctxid() call implemented in James' patch also 
requires the sk_callback_lock (see below).  I am planning to introduce a 
new exported fucntion selinux_sock_ctxid() which does not require any 
locking.  Comments?

thanks,
Catherine

Stephen Smalley <[email protected]> wrote on 03/21/2006 08:42:08 AM:

> On Tue, 2006-03-21 at 08:32 -0500, Stephen Smalley wrote:
> > > I don't expect security_sk_sid() to be terribly expensive.  It's not
> > > an AVC check, it's just propagating a label.  But I've not done any
> > > benchmarking on that.
> > 
> > No permission check there, but it looks like it does read lock
> > sk_callback_lock.  Not sure if that is truly justified here.
> 
> Ah, that is because it is also called from the xfrm code, introduced by
> Trent's patches.  But that locking shouldn't be necessary from scm_send,
> right?  So she likely wants a separate hook for it to avoid that
> overhead, or even just a direct SELinux interface?
> 
> -- 
> Stephen Smalley
> National Security Agency
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux