Thread

  1. Re: [v9.1] sepgsql - userspace access vector cache

    Kohei KaiGai <kaigai@kaigai.gr.jp> — 2011-07-22T12:08:40Z

    2011/7/22 Yeb Havinga <yebhavinga@gmail.com>:
    > On 2011-07-22 11:55, Kohei Kaigai wrote:
    >>
    >>> 2) Also I thought if it could work to not remember tcontext is valid, but
    >>> instead remember the consequence,
    >>> which is that it is replaced by "unlabeled". It makes the avc_cache
    >>> struct shorter and the code somewhat
    >>> simpler.
    >>>
    >> Here is a reason why we hold tcontext, even if it is not valid.
    >> The hash key of avc_cache is combination of scontext, tcontext and tclass.
    >> Thus, if we replaced an invalid
    >> tcontext by unlabeled context, it would always make cache mishit and
    >> performance loss.
    >
    > I see that now, thanks.
    >
    > I have no further comments, and I think that the patch in it's current
    > status is ready for committer.
    >
    Thanks for your reviewing.
    
    The attached patch is a revised one according to your suggestion to
    include fallback for 'unlabeled' label within sepgsql_avc_lookup().
    And I found a noise in regression test results, so eliminated it from v5.
    -- 
    KaiGai Kohei <kaigai@kaigai.gr.jp>