On Tue, 16 Sep 2008, Paul Moore wrote:

> NetLabel has always had a list of backpointers in the CIPSO DOI definition
> structure which pointed to the NetLabel LSM domain mapping structures which
> referenced the CIPSO DOI struct. The rationale for this was that when an
> administrator removed a CIPSO DOI from the system all of the associated
> NetLabel LSM domain mappings should be removed as well; a list of
> backpointers made this a simple operation.
>
> Unfortunately, while the backpointers did make the removal easier they were
> a bit of a mess from an implementation point of view which was making
> further development difficult. Since the removal of a CIPSO DOI is a
> relatively rare event it seems to make sense to remove this backpointer
> list as the optimization was hurting us more than it was helping. However,
> we still need to be able to track when a CIPSO DOI definition is being used
> so replace the backpointer list with a reference count. In order to
> preserve the current functionality of removing the associated LSM domain
> mappings when a CIPSO DOI is removed we walk the LSM domain mapping table,
> removing the relevant entries.
>
> Signed-off-by: Paul Moore <paul.moore@xxxxxx>

Reviewed-by: James Morris <jmorris@xxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>
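
Added example, not code from the patch under review or from the NetLabel sources: a minimal single-threaded C model of the design the commit message describes, where each DOI definition carries a reference count instead of backpointers and removing a DOI walks the mapping table. The names doi_def, dom_map, map_table, map_add and doi_remove are hypothetical, and kernel locking is not modelled.

```c
#include <stddef.h>
#include <string.h>
#define MAP_SLOTS 8

/* Hypothetical stand-in for a CIPSO DOI definition: a reference count
 * replaces the list of backpointers to the domain mappings. */
struct doi_def {
    unsigned int doi;
    int refcount;          /* one reference per mapping using this DOI */
    int valid;             /* cleared once the DOI has been removed */
};

/* Hypothetical stand-in for one LSM domain mapping table entry. */
struct dom_map {
    char domain[32];
    struct doi_def *def;   /* forward pointer only; NULL marks a free slot */
};

/* Zero-initialised, so copying size-1 bytes below keeps the NUL. */
static struct dom_map map_table[MAP_SLOTS];

/* Add a mapping and take a reference on the DOI definition it uses. */
int map_add(const char *domain, struct doi_def *def)
{
    if (!def->valid)
        return -1;
    for (size_t i = 0; i < MAP_SLOTS; i++) {
        if (map_table[i].def != NULL)
            continue;
        strncpy(map_table[i].domain, domain, sizeof(map_table[i].domain) - 1);
        map_table[i].def = def;
        def->refcount++;
        return 0;
    }
    return -1;             /* table full */
}

/* Remove a DOI: with no backpointers, walk the whole mapping table and
 * drop every entry that references it. Returns the entries removed. */
int doi_remove(struct doi_def *def)
{
    int removed = 0;
    def->valid = 0;        /* refuse new mappings from here on */
    for (size_t i = 0; i < MAP_SLOTS; i++) {
        if (map_table[i].def != def)
            continue;
        memset(&map_table[i], 0, sizeof(map_table[i]));
        def->refcount--;
        removed++;
    }
    return removed;
}
```

The removal cost is linear in the size of the mapping table, which is the trade the commit message accepts because DOI removal is rare.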