On Fri, Aug 27, 2010 at 11:48 AM, Eric Paris <eparis@xxxxxxxxxxxxxx> wrote: > 2010/8/27 KaiGai Kohei <kaigai@xxxxxxxxxxxxx>: >> I revised the /selinux/status implementation. >> >> * It becomes to report 'deny_unknown'. Userspace object manager >> also reference this flag to decide its behavior when the loaded >> policy does not support expected object classes. >> * It provided PAGE_READONLY to remap_pfn_range() as page protection >> flag independent from argument of mmap(2), but it was uncommon. >> I fixed to pass vma->vm_page_prot instead of the hardwired flag >> according to any other implementation style. >> Now it returns an error, if user tries to map /selinux/status as >> writable pages. > > I really hate blowing 4k of memory on every system to show 40 bytes of > data on just a few systems. Is there any change we could allocate the > page the first time it is needed rather that at boot? I know compared > to the size of policy and other memory usage in SELinux it's odd for > me to complain, but I've decided to get on a reduction if possible > kick. > > Only other comment is that __initcall() is deprecated and we are > supposed to use device_initcall() now. > > If you plan to use it, I'll ack if you change both of those things.... actually if you move to dynamic allocation of the status page and use static DEFINE_SPINLOCK instead of static spinlock_t you can get rid of the __init() code altogether.... -Eric -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
