Quoting Tetsuo Handa (penguin-kernel@xxxxxxxxxxxxxxxxxxx): > Hello. > > Stephen Smalley wrote: > > On Wed, 2008-12-03 at 17:56 +0900, Kentaro Takeda wrote: > > > Stephen, Serge, > > > Here is the patch for introducing new security_path_set()/clear() hooks. > > > > > > This patch enables LSM module to remember vfsmount's pathname so that it can > > > calculate absolute pathname in security_inode_*(). Since actual MAC can be > > > performed after DAC, there will not be any noise in auditing and learning > > > features. This patch currently assumes that the vfsmount's pathname is stored in > > > hash table in LSM module. (Should I use stack memory?) > > > > > > Since security_inode_*() are not always called after security_path_set(), > > > security_path_clear() hook is needed to free the remembered pathname. > > > > Your security_path_set()/security_path_clear() pairs look rather similar > > to mnt_want_write()/mnt_drop_write() pairs. What if you were to call > > your hooks from those functions, and then you would only need to add > > further hook calls in the case of read-only and execute/search checks? > > Right. Locations of inserting security_path_set()/security_path_clear() pairs > are subset of mnt_want_write()/mnt_drop_write() pairs. Thus, we can insert > security_path_set()/security_path_clear() pairs into > mnt_want_write()/mnt_drop_write() pairs, if we can tolerate performance > regression. According to our rough measurement, there is about 8 - 22% of > performance regression. ... compared to what, exactly? If having CONFIG_SECURITY_PATH=y but TOMOYO disabled has this kind of regression against just not having CONFIG_SECURITY_PATH, then no that is not acceptable. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html