Re: [v9.1] sepgsql - userspace access vector cache
From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Yeb Havinga <yebhavinga@gmail.com>
Cc: Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, Robert Haas <robertmhaas@gmail.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2011-07-22T12:08:40Z
Lists: pgsql-hackers
Attachments
- pgsql-v9.2-uavc-selinux.v6.patch (text/x-patch)
2011/7/22 Yeb Havinga <yebhavinga@gmail.com>:
> On 2011-07-22 11:55, Kohei Kaigai wrote:
>>
>>> 2) Also I thought if it could work to not remember tcontext is valid, but
>>> instead remember the consequence, which is that it is replaced by
>>> "unlabeled". It makes the avc_cache struct shorter and the code somewhat
>>> simpler.
>>>
>> Here is a reason why we hold tcontext, even if it is not valid.
>> The hash key of avc_cache is a combination of scontext, tcontext and tclass.
>> Thus, if we replaced an invalid tcontext by unlabeled context, it would
>> always make cache mishit and performance loss.
>
> I see that now, thanks.
>
> I have no further comments, and I think that the patch in its current
> status is ready for committer.
>
Thanks for your reviewing.

The attached patch is a revised one according to your suggestion to include
fallback for 'unlabeled' label within sepgsql_avc_lookup().
And I found a noise in regression test results, so eliminated it from v5.

--
KaiGai Kohei <kaigai@kaigai.gr.jp>
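The cache-key argument in the thread above, as an added example that is not part of the original message or of the attached patch: a simplified model of a userspace access vector cache keyed on (scontext, tcontext, tclass). The labels, the validity check, the permission bits and every function name here are assumptions made for illustration, not sepgsql code.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 16
#define UNLABELED "unlabeled_t"   /* constructed fallback label */

typedef struct {
    bool used, tcontext_is_valid;
    char scontext[64], tcontext[64];   /* together with tclass: the hash key */
    int tclass; unsigned allowed;
} avc_entry;

static avc_entry cache[SLOTS];
static int policy_queries;        /* counts the expensive policy computations */

/* Hypothetical stand-ins for the policy's validity check and access decision. */
static bool label_is_valid(const char *l) { return strcmp(l, "sepgsql_table_t") == 0; }
static unsigned compute_av(const char *t) { policy_queries++; return strcmp(t, UNLABELED) ? 0x7u : 0x1u; }
static unsigned mix(unsigned h, const char *p) { while (*p) h = h * 31 + (unsigned char) *p++; return h; }
static avc_entry *slot(const char *s, const char *t, int c) { return &cache[mix(mix((unsigned) c, s), t) % SLOTS]; }
void avc_reset(void) { memset(cache, 0, sizeof cache); policy_queries = 0; }

/* key_on_fallback=false: key on the caller's tcontext, fall back inside the lookup.
 * key_on_fallback=true: store the entry under the fallback label instead. */
unsigned avc_lookup(const char *s, const char *t, int c, bool key_on_fallback) {
    avc_entry *e = slot(s, t, c);
    if (e->used && e->tclass == c && !strcmp(e->scontext, s) && !strcmp(e->tcontext, t))
        return e->allowed;                           /* cache hit */
    bool valid = label_is_valid(t);
    const char *effective = valid ? t : UNLABELED;   /* label the decision is computed on */
    const char *key = key_on_fallback ? effective : t;
    e = slot(s, key, c);
    e->used = true; e->tcontext_is_valid = valid; e->tclass = c;
    snprintf(e->scontext, sizeof e->scontext, "%s", s);
    snprintf(e->tcontext, sizeof e->tcontext, "%s", key);
    return e->allowed = compute_av(effective);
}

int main(void) {
    for (int mode = 0; mode < 2; mode++) {
        avc_reset();
        for (int i = 0; i < 3; i++) avc_lookup("user_t", "stale_label_t", 1, mode);
        printf("key_on_fallback=%d: %d policy queries for 3 lookups\n", mode, policy_queries);
    }
    return 0;
}
```

Keyed on the original label, the three lookups cost one policy query; keyed on the substituted label, every lookup misses, because the caller still presents the invalid tcontext.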