mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-07-23 07:12:09 +00:00
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Yuichi Nakamura
James Morris
parent
3232c110b5
commit
788e7dd4c2
7 changed files with 89 additions and 1 deletions
|
|
@ -53,6 +53,8 @@ struct file_security_struct {
|
|||
struct file *file; /* back pointer to file object */
|
||||
u32 sid; /* SID of open file description */
|
||||
u32 fown_sid; /* SID of file owner (for SIGIO) */
|
||||
u32 isid; /* SID of inode at the time of file open */
|
||||
u32 pseqno; /* Policy seqno at the time of file open */
|
||||
};
|
||||
|
||||
struct superblock_security_struct {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue