From: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Kohei Kaigai <Kohei(dot)Kaigai(at)emea(dot)nec(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org>, Yeb Havinga <yebhavinga(at)gmail(dot)com> |
Subject: | Re: [v9.1] sepgsql - userspace access vector cache |
Date: | 2011-08-05 18:36:10 |
Message-ID: | CADyhKSUZLe7jpzWi-WDTW8mUdmaSa8dvXfhpDy2KmYtxzmsBqg@mail.gmail.com |
Lists: | pgsql-hackers |
BTW, what is the current status of this patch?
The status of the contrib/sepgsql part is unclear to me, although we agreed that
syscache is a suitable mechanism for security labels.
Thanks,
2011/7/22 Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>:
> 2011/7/22 Yeb Havinga <yebhavinga(at)gmail(dot)com>:
>> On 2011-07-22 11:55, Kohei Kaigai wrote:
>>>
>>>> 2) Also I thought if it could work to not remember tcontext is valid, but
>>>> instead remember the consequence,
>>>> which is that it is replaced by "unlabeled". It makes the avc_cache
>>>> struct shorter and the code somewhat
>>>> simpler.
>>>>
>>> Here is the reason why we hold tcontext, even if it is not valid.
>>> The hash key of avc_cache is a combination of scontext, tcontext and tclass.
>>> Thus, if we replaced an invalid
>>> tcontext by unlabeled context, it would always cause a cache mishit and
>>> performance loss.
>>
>> I see that now, thanks.
>>
>> I have no further comments, and I think that the patch in its current
>> status is ready for committer.
>>
> Thanks for your review.
>
> The attached patch is a revised one according to your suggestion to
> include fallback for 'unlabeled' label within sepgsql_avc_lookup().
> And I found a noise in regression test results, so eliminated it from v5.
> --
> KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
>
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
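
The cache-key point quoted above, as an added sketch that is not code from the sepgsql patch: an access vector cache keyed on (scontext, tcontext, tclass) that keeps the caller's original tcontext in the key and applies the unlabeled fallback only when computing the decision. The label names, permission bits, `label_is_valid()`, `compute_av()` and the `key_on_original` switch are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define UNLABELED "unlabeled_t"   /* constructed name for the fallback label */
#define SLOTS 8

typedef struct {
    int      used, tclass;
    char     scontext[64];
    char     tcontext[64];        /* label as the caller passed it: part of the key */
    int      tcontext_is_valid;   /* 0: the decision was computed for UNLABELED */
    unsigned allowed;
} avc_entry;

static avc_entry cache[SLOTS];
static unsigned  next_slot;
int policy_queries;               /* simulated round trips to the policy */

/* Stand-ins for the security server; assumptions of this sketch. */
static int label_is_valid(const char *l) { return strncmp(l, "stale_", 6) != 0; }
static unsigned compute_av(const char *t) { policy_queries++; return strcmp(t, UNLABELED) ? 0x3u : 0x0u; }

void avc_reset(void) { memset(cache, 0, sizeof(cache)); next_slot = 0; policy_queries = 0; }

/* key_on_original = 0 models storing "unlabeled" in place of the invalid label. */
unsigned avc_lookup(const char *s, const char *t, int tclass, int key_on_original)
{
    for (int i = 0; i < SLOTS; i++)
        if (cache[i].used && cache[i].tclass == tclass &&
            !strcmp(cache[i].scontext, s) && !strcmp(cache[i].tcontext, t))
            return cache[i].allowed;                    /* cache hit */
    avc_entry *e = &cache[next_slot++ % SLOTS];         /* miss: fill a slot */
    int valid = label_is_valid(t);
    e->used = 1;
    e->tclass = tclass;
    e->tcontext_is_valid = valid;
    snprintf(e->scontext, sizeof(e->scontext), "%s", s);
    snprintf(e->tcontext, sizeof(e->tcontext), "%s", (valid || key_on_original) ? t : UNLABELED);
    return e->allowed = compute_av(valid ? t : UNLABELED);
}

int main(void)
{
    for (int mode = 1; mode >= 0; mode--) {
        avc_reset();
        for (int i = 0; i < 5; i++) avc_lookup("user_t", "stale_table_t", 1, mode);
        printf("key_on_original=%d: %d policy queries for 5 lookups\n", mode, policy_queries);
    }
}
```

Both modes return the same unlabeled decision for the stale label; only the number of policy queries differs.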