bbs.cooldavid.org Git - net-next-2.6.git/commit

author	Eric Paris <eparis@redhat.com>
	Fri, 30 Jul 2010 03:02:34 +0000 (23:02 -0400)
committer	James Morris <jmorris@namei.org>
	Mon, 2 Aug 2010 05:38:39 +0000 (15:38 +1000)
commit	6371dcd36f649d9d07823f31400618155a20dde1
tree	a08c4ed2ec77225abbfcc099e78ae8d643429787	tree \| snapshot (tar.bz2 tar.gz zip)
parent	016d825fe02cd20fd8803ca37a1e6d428fe878f6	commit \| diff

selinux: convert the policy type_attr_map to flex_array

Current selinux policy can have over 3000 types.  The type_attr_map in
policy is an array sized by the number of types times sizeof(struct ebitmap)
(12 on x86_64).  Basic math tells us the array is going to be of length
3000 x 12 = 36,000 bytes.  The largest 'safe' allocation on a long running
system is 16k.  Most of the time a 32k allocation will work.  But on long
running systems a 64k allocation (what we need) can fail quite regularly.
In order to deal with this I am converting the type_attr_map to use
flex_arrays.  Let the library code deal with breaking this into PAGE_SIZE
pieces.

-v2
rework some of the if(!obj) BUG() to be BUG_ON(!obj)
drop flex_array_put() calls and just use a _get() object directly

-v3
make apply to James' tree (drop the policydb_write changes)

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

security/selinux/ss/policydb.c		diff \| blob \| blame \| history
security/selinux/ss/policydb.h		diff \| blob \| blame \| history
security/selinux/ss/services.c		diff \| blob \| blame \| history