author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-09-13 20:27:07 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-10-16 18:59:31 -0400 |
commit | 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch) | |
tree | cbe2d2a360aaf7dc243bef432e1c50507ae6db7b /fs | |
parent | 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff) |
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check. A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.
(see http://marc.info/?l=selinux&m=118972995207740&w=2)
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/open.c | 4 |
1 files changed, 4 insertions, 0 deletions
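--- a/fs/open.c
+++ b/fs/open.c
@@ -757,6 +757,10 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
 f->f_op = fops_get(inode->i_fop);
 file_move(f, &inode->i_sb->s_files);
 
+error = security_dentry_open(f);
+if (error)
+goto cleanup_all;
+
 if (!open && f->f_op)
 open = f->f_op->open;
 if (open) {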
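Review bot: The new `security_dentry_open(f)` call has no comment explaining its position, and that position is security-relevant: it runs after `fops_get()` and `file_move()` but before `f->f_op->open`, so a denial never reaches the filesystem or driver open method. I would add a comment above it such as `/* LSM hook: may deny the open and records open-time state; must stay before ->open() */`. The failure path jumps to `cleanup_all`, which is outside this hunk, so it is worth confirming that the label drops the `fops_get()` reference and undoes `file_move()`. Since the commit description says later read/write checks rely on state captured here, any `struct file` set up without passing through `__dentry_open` would presumably lack that state, and the SELinux side (not shown in this fs-limited view) needs to fall back to a full check for those. `__dentry_open`'s body begins and ends outside the hunk.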