From 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb Mon Sep 17 00:00:00 2001 From: Yuichi Nakamura Date: Fri, 14 Sep 2007 09:27:07 +0900 Subject: SELinux: Improve read/write performance It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura Acked-by: Stephen Smalley Signed-off-by: James Morris --- security/selinux/include/objsec.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'security/selinux/include/objsec.h') diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 91b88f0ba20..642a9fd319a 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -53,6 +53,8 @@ struct file_security_struct { struct file *file; /* back pointer to file object */ u32 sid; /* SID of open file description */ u32 fown_sid; /* SID of file owner (for SIGIO) */ + u32 isid; /* SID of inode at the time of file open */ + u32 pseqno; /* Policy seqno at the time of file open */ }; struct superblock_security_struct { -- cgit v1.2.3-18-g5258