On Mon, Nov 04, 2002 at 06:51:05PM +0000, Henrý Þór Baldursson wrote:
> Writing something like a file verdict cache isn't the problem. The
> cache could be a finite size array of pointers. On open() and read()
> calls, the cache would be checked, to see if this file has been given a
> verdict, if not, a verification callback function would be called on it
> to supply us with a verdict and a cache entry. Any write() calls would
> expunge files from this cache entry.

I'm guessing that any overhead of trying to cache this info, and check the cache for any previous results, and catch for any changed process information (remember processes can pass file handles around), would be equal to (if not take up more memory than) just doing the check in the first place.

> Anyone out there like that idea? If so then I'll consider devising a
> prototype.

Whip up a prototype as that's the best thing to try to understand what you are proposing here.

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
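
The verdict cache proposed in the quoted message, as an added user-space C example that is not from the thread or from any kernel code. The slot count, the (device, inode) key, the direct-mapped replacement policy and every name are assumptions; it is single-threaded and does not address the handle-passing concern raised in the reply. The miss counter makes the cost question measurable: each miss is one call to the verification callback.

```c
#include <stdint.h>
#include <stdio.h>

#define CACHE_SLOTS 64                     /* assumed; the post only says "finite" */

enum verdict { V_NONE = 0, V_ALLOW, V_DENY };
struct file_id { uint64_t dev, ino; };     /* assumed cache key: device + inode */
struct slot { struct file_id id; enum verdict v; };
typedef enum verdict (*verify_fn)(struct file_id id);

static struct slot cache[CACHE_SLOTS];     /* zero-initialised: every slot V_NONE */
static unsigned long verify_calls;         /* number of cache misses */

static struct slot *slot_for(struct file_id id)
{
    uint64_t h = id.dev * 0x9E3779B97F4A7C15ull ^ id.ino;
    return &cache[h % CACHE_SLOTS];        /* direct-mapped: one candidate slot */
}

static int slot_holds(const struct slot *s, struct file_id id)
{
    return s->v != V_NONE && s->id.dev == id.dev && s->id.ino == id.ino;
}

/* open()/read() path: return the cached verdict, or ask the callback. */
enum verdict cache_check(struct file_id id, verify_fn verify)
{
    struct slot *s = slot_for(id);
    if (slot_holds(s, id))
        return s->v;
    verify_calls++;
    s->id = id;                            /* evicts whatever shared this slot */
    s->v = verify(id);
    return s->v;
}

/* write() path: drop the verdict so the next open()/read() re-verifies. */
void cache_expunge(struct file_id id)
{
    struct slot *s = slot_for(id);
    if (slot_holds(s, id))
        s->v = V_NONE;
}

unsigned long cache_verify_calls(void) { return verify_calls; }

/* Constructed stand-in for the real verification callback. */
enum verdict demo_verify(struct file_id id) { return (id.ino % 2) ? V_DENY : V_ALLOW; }

int main(void)
{
    struct file_id f = { 1, 42 };          /* constructed sample file */
    cache_check(f, demo_verify); cache_check(f, demo_verify);
    cache_expunge(f); cache_check(f, demo_verify);
    printf("verify callbacks: %lu\n", cache_verify_calls());
    return 0;
}
```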