SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [RFC PATCH v8 10/18] SELinux: Add a network node caching mechanism similar to the sel_netif_() functions This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Paul Moore <paul.moore_at_hp.com> Date: Mon, 17 Dec 2007 15:56:20 -0500 On Monday 17 December 2007 3:35:28 pm Stephen Smalley wrote: > On Fri, 2007-12-14 at 16:50 -0500, Paul Moore wrote:* > > This patch adds a SELinux IP address/node SID caching mechanism similar > > to the sel_netif_() functions. The node SID queries in the SELinux* > > hooks files are also modified to take advantage of this new > > functionality. In addition, remove the address length information from > > the sk_buff parsing routines as it is redundant since we already have the > > address family. > > This is very nice - we also need the same kind of cache for port SIDs. Thanks. Any problem if we wait until 2.6.26 for a port SID cache? It shouldn't be any worse than it is now (the new code is not concerned with ports) and the current patchset is already large enough that it keeps me up at night thinking about all the places it could go wrong ... -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Mon 17 Dec 2007 - 16:28:05 EST This message: [ Message body ] Next message: Ted X Toth: "[Fwd: Re: [Fwd: f8 X policy]]" Previous message: Paul Moore: "Re: [RFC PATCH v8 18/18] SELinux: Add network ingress and egress control permission checks" In reply to: Stephen Smalley: "Re: [RFC PATCH v8 10/18] SELinux: Add a network node caching mechanism similar to the sel_netif_() functions" Next in thread: James Morris: "Re: [RFC PATCH v8 10/18] SELinux: Add a network node caching mechanism similar to the sel_netif_() functions" Reply: James Morris: "Re: [RFC PATCH v8 10/18] SELinux: Add a network node caching mechanism similar to the sel_netif_() functions" Reply: Stephen Smalley: "Re: [RFC PATCH v8 10/18] SELinux: Add a network node caching mechanism similar to the sel_netif_() functions" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom