SELinux Mailing List

Re: [PATCH 1/2] Conditionally expand neverallows
From: Karl MacMillan <kmacmillan_at_mentalrootkit.com>
Date: Tue, 25 Jul 2006 12:09:27 -0400

How much memory does it take to expand the neverallow rules for a typical reference policy? Can you post some hashtable stats - this might make the chains very long and hurt performance for looking up non-neverallow rules. These tradeoffs may be fine for analysis, but it would be nice to have some comments explaining the effects for other users of the library.

<snip>

> +static void expand_state_init(expand_state_t *state)

I assume you've audited everywhere expand is currently called to use this function?

<snip>

> @@ -1200,7 +1210,7 @@ static int expand_rule_helper(sepol_hand

It might be cleaner to have a new define with AVRULE_AV and AVRULE_NEVERALLOW already or'd. I don't feel strongly about it though.

> @@ -1264,13 +1274,14 @@ static int convert_and_expand_rule(sepol

Magic return code.

> ebitmap_init(&stypes);

I think that the copying of the neverallows needs to be factored out completely - it is a strange side effect of expansion. The expansion functions should just, well, expand rules.

Karl

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Tue 25 Jul 2006 - 12:09:32 EDT
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009