Re: [PATCH] scm: fold __scm_send() into scm_send()

From: Xiaolan Zhang
Date: Thu Apr 06 2006 - 13:53:43 EST

Next message: Jeff Dike: "[PATCH 2/2] UML memory hotplug cleanups"
Previous message: OGAWA Hirofumi: "Re: [PATCH 2/2] writeback: fix range handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Stephen and James,

Looks like the selinux_sk_ctxid() call implemented in James' patch also
requires the sk_callback_lock (see below). I am planning to introduce a
new exported fucntion selinux_sock_ctxid() which does not require any
locking. Comments?

thanks,
Catherine

Stephen Smalley <sds@xxxxxxxxxxxxx> wrote on 03/21/2006 08:42:08 AM:

> On Tue, 2006-03-21 at 08:32 -0500, Stephen Smalley wrote:
> > > I don't expect security_sk_sid() to be terribly expensive. It's not
> > > an AVC check, it's just propagating a label. But I've not done any
> > > benchmarking on that.
> >
> > No permission check there, but it looks like it does read lock
> > sk_callback_lock. Not sure if that is truly justified here.
>
> Ah, that is because it is also called from the xfrm code, introduced by
> Trent's patches. But that locking shouldn't be necessary from scm_send,
> right? So she likely wants a separate hook for it to avoid that
> overhead, or even just a direct SELinux interface?
>
> --
> Stephen Smalley
> National Security Agency
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Dike: "[PATCH 2/2] UML memory hotplug cleanups"
Previous message: OGAWA Hirofumi: "Re: [PATCH 2/2] writeback: fix range handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]