On Wed, 2004-10-27 at 09:15, Serge E. Hallyn wrote: > I will start an RCU version and port SELinux to use the hashtable. I wouldn't bother. I would still advise builtin, chaining, or some hybrid of the two (then port SELinux to that approach for testing/measurement). The hash table approach would be a step backwards for LSM; I can see using it if we didn't already have per-object security fields and couldn't get them accepted, but it makes little sense given that we have them. Also, did you ever try the embedded header approach, as described in http://marc.theaimsgroup.com/?l=linux-security-module&m=99980953709764&w=2 and http://marc.theaimsgroup.com/?l=linux-security-module&m=99986372711363&w=2. That should impose very little overhead on the single LSM case. -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 06:24:48 PDT