Hi, Stephen and James,
Looks like the selinux_sk_ctxid() call implemented in James' patch also
requires the sk_callback_lock (see below). I am planning to introduce a
new exported function selinux_sock_ctxid() which does not require any
locking. Comments?
thanks,
Catherine
Stephen Smalley <[email protected]> wrote on 03/21/2006 08:42:08 AM:
> On Tue, 2006-03-21 at 08:32 -0500, Stephen Smalley wrote:
> > > I don't expect security_sk_sid() to be terribly expensive. It's not
> > > an AVC check, it's just propagating a label. But I've not done any
> > > benchmarking on that.
> >
> > No permission check there, but it looks like it does read lock
> > sk_callback_lock. Not sure if that is truly justified here.
>
> Ah, that is because it is also called from the xfrm code, introduced by
> Trent's patches. But that locking shouldn't be necessary from scm_send,
> right? So she likely wants a separate hook for it to avoid that
> overhead, or even just a direct SELinux interface?
>
> --
> Stephen Smalley
> National Security Agency
>