On Fri, Dec 05, 2008 at 04:53:18PM -0500, Stephen Smalley wrote: > > Right. Locations of inserting security_path_set()/security_path_clear() pairs > > are subset of mnt_want_write()/mnt_drop_write() pairs. Thus, we can insert > > security_path_set()/security_path_clear() pairs into > > mnt_want_write()/mnt_drop_write() pairs, if we can tolerate performance > > regression. According to our rough measurement, there is about 8 - 22% of > > performance regression. But this approach needs minimum modification to the > > existing kernel (only two hooks to be inserted). > > I assume you also need separate hooks to cover the read-only open case? > As for your performance, your implementation of mp_* is clearly > non-optimal, so I'd expect there is plenty of room for improvement > there. And just what will happen if you end up with foo_mkdir() calling something that does e.g. pathname resolution in fs-controlled private namespace and creates/removes some files there? -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
