Hi, Stephen and James, Looks like the selinux_sk_ctxid() call implemented in James' patch also requires the sk_callback_lock (see below). I am planning to introduce a new exported fucntion selinux_sock_ctxid() which does not require any locking. Comments?
thanks, Catherine Stephen Smalley <[EMAIL PROTECTED]> wrote on 03/21/2006 08:42:08 AM: > On Tue, 2006-03-21 at 08:32 -0500, Stephen Smalley wrote: > > > I don't expect security_sk_sid() to be terribly expensive. It's not > > > an AVC check, it's just propagating a label. But I've not done any > > > benchmarking on that. > > > > No permission check there, but it looks like it does read lock > > sk_callback_lock. Not sure if that is truly justified here. > > Ah, that is because it is also called from the xfrm code, introduced by > Trent's patches. But that locking shouldn't be necessary from scm_send, > right? So she likely wants a separate hook for it to avoid that > overhead, or even just a direct SELinux interface? > > -- > Stephen Smalley > National Security Agency > - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
