On Wed, Sep 19, 2012 at 01:25:26PM +0300, Kasatkin, Dmitry wrote:
> On Wed, Sep 19, 2012 at 7:21 AM, James Morris <jmorris@xxxxxxxxx> wrote:
> > On Tue, 18 Sep 2012, Kasatkin, Dmitry wrote:
> >
> >> I looked to <linux/fs.h> and found that there is a possibility to to
> >> add additional flag for sb->s_flags.
> >> For example
> >>
> >> #define MS_NOT_IMA (1<<25) /* NOT_IMA */
> >> #define IS_I_NOT_IMA(inode) __IS_FLG(inode, MS_NOT_IMA)
> >>
> >>
> >> Another way is to add additional dedicated integrity related member to
> >> the sb structure.
> >> struct super_block {
> >> ...
> >> #ifdef CONFIG_INTEGRITY
> >> int s_integrity;
> >> #endif
> >> };
> >>
> >> Obviously there are only few super blocks in the system and few bytes
> >> will not harm.
> >
> > The flag seems better than adding a new struct member. Why would you need
> > an int for this?
> >
>
> int is not really needed. It may be char. I just thought that normally
> we have around 10 super blocks
> and it 10 or 40 bytes does not really mater...
Maybe not, but if you use something more generic
unsigned int s_feature_flags
#define SF_IMA_ENABLED
then there'd be more uses for that field.
(Two that nfsd would use:
- does this filesystem support a changeattribute? (currently a
mount flag but that doesn't really make sense in general)
- is this filesystem case-insensitive? (whatever that means)
)
--b.
>
> Actually there is more severe case. IMA cache objects "iint" per inode
> have following members:
> enum integrity_status ima_status;
> enum integrity_status evm_status;
>
> And it is only 5 values per each or 10 values per 8 bytes.
> 8 bytes can be easily replaced by 1 byte.
>
> Should we improve it?
>
> >
> >
> > - James
> > --
> > James Morris
> > <jmorris@xxxxxxxxx>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
