Quoting David Howells (dhowells@xxxxxxxxxx): > Serge E. Hallyn <serue@xxxxxxxxxx> wrote: > > > You have the 'acting_as' name for subj/eff, which I like. Is there > > another name you could use in place of 'real' in the name > > task_real_capable()? > > Ummm... 'Actual' or 'Assigned' perhaps? > > > I do find this version much easier to read. It seems easier to > > track capable+current_cred() vs real_capable+get_task_cred(). Could > > you do a few benchmarks to gauge whether the difference the > > optimization makes? > > Yeah... My main objection is passing around two or three superfluous arguments > in the common case. Most of the time, the only necessary argument to > sec->capable(): > > int (*capable) (struct task_struct *tsk, const struct cred *cred, > int cap, int audit); > > is cap; tsk, cred and audit are all superfluous in the (very) common case. > > How about: > > int (*fast_capable) (int cap); > > which assumes current, current_cred() and SECURITY_CAP_AUDIT? Well I'd rather it be called acting_capable() or self_acting_capable(), but the realy issue is how to make that work through the security_ops() layer without needless code duplication. It'd be ideal if it's doable, I agree. > Benchmarking is tricky, given that the individual savings will be relatively > small in comparison to the code that calls them. > > However, if I can get rid of three arguments passed into each of > security_capable(), selinux_capable() and cap_capable(), that really should > speed things up if you call it enough times, especially as current is held in a > register on some archs. > > I'll see what I can do. > > > I'm looking at a several-week-old linux-next, but only see one use of > > capable on another task which audits, and that is in commoncap for > > traceme, so it seems reasonable. > > Should has_capability() be out of lines and have security_real_capable() merged > into it? And the same for has_capability_noaudit() and > security_real_capable_noaudit()? > > > So yeah, I do like this version better. > > Perhaps a separate patch to optimise capable(). As I said, I'll see about > benchmarking it. Cool, thanks. In the meantime, I guess your first patch is in security-next anyway, right? -serge -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
