Serge E. Hallyn <serue@xxxxxxxxxx> wrote: > You have the 'acting_as' name for subj/eff, which I like. Is there > another name you could use in place of 'real' in the name > task_real_capable()? Ummm... 'Actual' or 'Assigned' perhaps? > I do find this version much easier to read. It seems easier to > track capable+current_cred() vs real_capable+get_task_cred(). Could > you do a few benchmarks to gauge whether the difference the > optimization makes? Yeah... My main objection is passing around two or three superfluous arguments in the common case. Most of the time, the only necessary argument to sec->capable(): int (*capable) (struct task_struct *tsk, const struct cred *cred, int cap, int audit); is cap; tsk, cred and audit are all superfluous in the (very) common case. How about: int (*fast_capable) (int cap); which assumes current, current_cred() and SECURITY_CAP_AUDIT? Benchmarking is tricky, given that the individual savings will be relatively small in comparison to the code that calls them. However, if I can get rid of three arguments passed into each of security_capable(), selinux_capable() and cap_capable(), that really should speed things up if you call it enough times, especially as current is held in a register on some archs. I'll see what I can do. > I'm looking at a several-week-old linux-next, but only see one use of > capable on another task which audits, and that is in commoncap for > traceme, so it seems reasonable. Should has_capability() be out of lines and have security_real_capable() merged into it? And the same for has_capability_noaudit() and security_real_capable_noaudit()? > So yeah, I do like this version better. Perhaps a separate patch to optimise capable(). As I said, I'll see about benchmarking it. David -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
