From: | Kohei Kaigai <Kohei(dot)Kaigai(at)EMEA(dot)NEC(dot)COM> |
---|---|
To: | Yeb Havinga <yebhavinga(at)gmail(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
Subject: | Re: [v9.1] sepgsql - userspace access vector cache |
Date: | 2011-07-22 09:55:37 |
Message-ID: | D0C1A1F8BF513F469926E6C71461D9EC01F070@EX10MBX02.EU.NEC.COM |
Lists: | pgsql-hackers |
> -----Original Message-----
> From: Yeb Havinga [mailto:yebhavinga(at)gmail(dot)com]
> Sent: 22. Juli 2011 10:23
> To: Kohei Kaigai
> Cc: Robert Haas; PgHacker; Kohei KaiGai
> Subject: Re: [HACKERS] [v9.1] sepgsql - userspace access vector cache
>
> On 2011-07-21 11:29, Kohei Kaigai wrote:
> > The attached patch is revised userspace-avc patch.
> >
> > List of updates:
> > - The GUC of sepgsql.avc_threshold was removed.
> > - "char *ucontext" of avc_cache was replaced by "bool tcontext_is_valid".
> > - Comments were added to the static variables.
> > - Comments of sepgsql_avc_unlabeled() were revised.
> > - Comments of sepgsql_avc_compute() were simplified.
> > - Comments of sepgsql_avc_check_perms_label() also mention the
> > permissive domain, which behaves similarly to the system's permissive mode.
> > - selinux_status_close() is invoked from the on_proc_exit() hook.
> Thank you for the update. I'm looking at it right now and, with a fresh look, have some more questions.
> I took the liberty of supplying a patch to be applied after your v5 uavc patch.
>
> 1) At a few call sites of sepgsql_avc_lookup, a null tcontext is detected, and then replaced by
> "unlabeled". I moved this to sepgsql_avc_lookup itself.
>
Good improvement.
> 2) Also I wondered whether it could work to not remember that tcontext is valid, but instead remember the
> consequence, which is that it is replaced by "unlabeled". It makes the avc_cache struct shorter and the code
> somewhat simpler.
>
Here is the reason why we hold tcontext, even if it is not valid.
The hash key of avc_cache is the combination of scontext, tcontext and tclass. Thus, if we replaced an invalid
tcontext by the unlabeled context, it would always cause cache misses and a performance loss.
Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei(dot)kaigai(at)emea(dot)nec(dot)com>
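The cache-key argument in the reply above, as an added example that is not sepgsql's code and not part of the original thread: a toy userspace access vector cache keyed on (scontext, tcontext, tclass) whose entry keeps the caller's original tcontext together with a tcontext_is_valid flag. The unlabeled context is substituted only for the policy computation, never for the key, so a repeated lookup with the same invalid tcontext hits the cache and skips both validation and recomputation. The names avc_lookup, avc_compute, avc_check_perms, is_valid_context and UNLABELED_CONTEXT, the validity rule and the permission bits are all assumptions made for this example.

```c
/* Added example (not sepgsql's own code): AVC keyed on the original tcontext.
 * All function names, the "four colon-separated fields" validity rule, and
 * the permission bitmasks below are constructed for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AVC_BUCKETS 64
#define UNLABELED_CONTEXT "system_u:object_r:unlabeled_t:s0"  /* assumed label */

typedef struct avc_entry {
    struct avc_entry *next;
    char    *scontext;
    char    *tcontext;          /* exactly as supplied by the caller, even if invalid */
    bool     tcontext_is_valid;
    int      tclass;
    unsigned allowed;           /* bitmask of permitted operations */
} avc_entry;

static avc_entry *avc_table[AVC_BUCKETS];
static int validate_calls;      /* how often the (expensive) validation ran */
static int compute_calls;       /* how often the (expensive) policy computation ran */

static char *xstrdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) strcpy(p, s);
    return p;
}

/* Stand-in for a context validity check: accept "u:r:t:s" shaped strings. */
static bool is_valid_context(const char *ctx)
{
    int colons = 0;
    validate_calls++;
    for (; *ctx; ctx++)
        if (*ctx == ':') colons++;
    return colons == 3;
}

/* Stand-in for the policy computation, using a constructed rule set:
 * nothing is allowed on unlabeled objects, tclass 1 gets bits 0x3, others 0x1. */
static unsigned avc_compute(const char *scontext, const char *tcontext, int tclass)
{
    compute_calls++;
    (void) scontext;
    if (strcmp(tcontext, UNLABELED_CONTEXT) == 0)
        return 0u;
    return tclass == 1 ? 0x3u : 0x1u;
}

/* Hash over the original scontext/tcontext strings and the class. */
static unsigned avc_hash(const char *s, const char *t, int tclass)
{
    unsigned h = 5381u ^ (unsigned) tclass;
    for (; *s; s++) h = h * 33u + (unsigned char) *s;
    for (; *t; t++) h = h * 33u + (unsigned char) *t;
    return h % AVC_BUCKETS;
}

/* On a hit, neither validation nor computation runs. On a miss, validate
 * tcontext once, compute against the unlabeled context if it is invalid,
 * and store the result under the caller's original tcontext. */
static avc_entry *avc_lookup(const char *scontext, const char *tcontext, int tclass)
{
    unsigned idx = avc_hash(scontext, tcontext, tclass);
    avc_entry *e;

    for (e = avc_table[idx]; e; e = e->next)
        if (e->tclass == tclass && strcmp(e->scontext, scontext) == 0
            && strcmp(e->tcontext, tcontext) == 0)
            return e;

    e = calloc(1, sizeof(*e));
    e->scontext = xstrdup(scontext);
    e->tcontext = xstrdup(tcontext);
    e->tclass = tclass;
    e->tcontext_is_valid = is_valid_context(tcontext);
    e->allowed = avc_compute(scontext,
                             e->tcontext_is_valid ? tcontext : UNLABELED_CONTEXT,
                             tclass);
    e->next = avc_table[idx];
    avc_table[idx] = e;
    return e;
}

/* True when every bit of `required` is permitted for this triple. */
static bool avc_check_perms(const char *scontext, const char *tcontext,
                            int tclass, unsigned required)
{
    avc_entry *e = avc_lookup(scontext, tcontext, tclass);
    return (e->allowed & required) == required;
}

int main(void)
{
    const char *s = "user_u:user_r:user_t:s0";
    avc_check_perms(s, "user_u:object_r:user_home_t:s0", 1, 0x3u);
    avc_check_perms(s, "user_u:object_r:user_home_t:s0", 1, 0x3u);
    avc_check_perms(s, "not-a-context", 1, 0x1u);
    avc_check_perms(s, "not-a-context", 1, 0x1u);
    printf("validations=%d computations=%d (4 lookups)\n", validate_calls, compute_calls);
    return 0;
}
```

Running the four lookups in main shows two validations and two computations: each distinct (scontext, tcontext, tclass) triple costs one validation and one computation, and the second lookup with the invalid tcontext is served from the cache because the entry was stored under the original string rather than under the unlabeled context.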