On Monday 17 December 2007 3:35:28 pm Stephen Smalley wrote:
> On Fri, 2007-12-14 at 16:50 -0500, Paul Moore wrote:
> > This patch adds a SELinux IP address/node SID caching mechanism similar
> > to the sel_netif_*() functions. The node SID queries in the SELinux
> > hooks files are also modified to take advantage of this new
> > functionality. In addition, remove the address length information from
> > the sk_buff parsing routines as it is redundant since we already have the
> > address family.
>
> This is very nice - we also need the same kind of cache for port SIDs.

Thanks. Any problem if we wait until 2.6.26 for a port SID cache? It
shouldn't be any worse than it is now (the new code is not concerned with
ports) and the current patchset is already large enough that it keeps me up
at night thinking about all the places it could go wrong ...

--
paul moore
linux security @ hp