]> bbs.cooldavid.org Git - net-next-2.6.git/commit - fs/open.c
git://bbs.cooldavid.org / net-next-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3232c11) | patch
SELinux: Improve read/write performance
authorYuichi Nakamura <ynakam@hitachisoft.jp>
Fri, 14 Sep 2007 00:27:07 +0000 (09:27 +0900)
committerJames Morris <jmorris@namei.org>
Tue, 16 Oct 2007 22:59:31 +0000 (08:59 +1000)
commit788e7dd4c22e6f41b3a118fd8c291f831f6fddbb
treecbe2d2a360aaf7dc243bef432e1c50507ae6db7btree | snapshot (tar.bz2 tar.gz zip)
parent3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9commit | diff
SELinux: Improve read/write performance

It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check.  A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.

(see http://marc.info/?l=selinux&m=118972995207740&w=2)

Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
fs/open.c diff | blob | blame | history
include/linux/security.h diff | blob | blame | history
security/dummy.c diff | blob | blame | history
security/selinux/avc.c diff | blob | blame | history
security/selinux/hooks.c diff | blob | blame | history
security/selinux/include/avc.h diff | blob | blame | history
security/selinux/include/objsec.h diff | blob | blame | history
Clone of davem's net-next-2.6 tree