Re: [RFC] [PATCH] Replace security fields with hashtable

From: James Morris (jmorris@private)
Date: Wed Oct 27 2004 - 07:43:20 PDT

On Wed, 27 Oct 2004, Serge E. Hallyn wrote:

> I always liked the trusted bsd approach of an array inode->i_security[NUM_LSMS]
> better. but this is more flexible than that, while hopefully faster and cleaner
> than the purely voluntary chaining approach.

I think you'll find there is some wisdom in the BSD code :-)

Indexing an array is surely faster and cleaner than probing a hash chain?

For flexibility, you could make the array size tunable at boot.  How much
do we really care about out of tree LSMs?  And composing more than a very
small number of LSMs could be unsafe in any case, so a small static array 
should be enough.

> Do you have anything in mind for how to optimize for one LSM?

There are ways to optimize hash chain traversal if you know there is only 
one entry, but I would imagine something better could be done.

- James
James Morris

This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 07:43:56 PDT