-----Original Message-----
From: linux-security-module-bounces@private
[mailto:linux-security-module-bounces@private] On Behalf Of Serge
Hallyn
Sent: Tuesday, November 23, 2004 12:31 PM
To: James Morris; Stephen Smalley; Chris Wright
Cc: LSM Mailing List
Subject: [RFC] [PATCH] Stacking through chaining (v3)

Attached is the next set of patches to implement stacking through
chaining. The kernel object security pointers are now always
hlist_heads. However, when stacker is not compiled in,
security_{set,get,del}_value become macros which do not search the hlist
at all. This does make for better performance than simply always using
the functions in security/security.c (I can send lmbench results for
that setup if anyone likes), but is just as fast as (within stdev,
faster than :) the last version which redefined the security field
depending on CONFIG_SECURITY_STACKER.

The attached chain3-2 shows the results for this patched kernel
(rc2-bk4) with stacker compiled out and selinux+capabilities compiled
in. nostack is the old results from rc1-bk12 with no stacking patch.

The patches were applied in the following order:

lsm-chain.patch
seclvl-stack.patch
selinux-stack.patch
stacker.patch
stacker-selinux-procattr-hack.patch

thanks,
-serge
--
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private
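
The layout the message describes, as an added userspace sketch (not code from the attached patches): each object's security pointer is an hlist head, the stacking path searches it per module, and the non-stacking path is a macro that skips the search. The `sec_*` names, the `module_id` key and the "take the first entry" fast path are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel's hlist types. */
struct hlist_node { struct hlist_node *next; };
struct hlist_head { struct hlist_node *first; };

/* Hypothetical per-module blob chained off an object's security pointer. */
struct sec_blob {
    struct hlist_node node; /* kept first, so node pointer == blob pointer */
    int module_id;          /* assumed key identifying the owning LSM */
    int label;              /* stand-in for the module's private state */
};

/* Stacking path: push one module's blob onto the object's chain. */
static void sec_set_value(struct hlist_head *head, struct sec_blob *b)
{
    b->node.next = head->first;
    head->first = &b->node;
}

/* Stacking path: walk the chain until the caller's module id matches. */
static struct sec_blob *sec_get_value(struct hlist_head *head, int module_id)
{
    for (struct hlist_node *n = head->first; n; n = n->next)
        if (((struct sec_blob *)n)->module_id == module_id)
            return (struct sec_blob *)n;
    return NULL; /* this module attached no state to the object */
}

/* Non-stacking path (assumed): a single module, so no search is needed. */
#define sec_get_value_single(head) ((struct sec_blob *)(head)->first)

/* Stacking path: unlink one module's blob; 0 on success, -1 if absent. */
static int sec_del_value(struct hlist_head *head, int module_id)
{
    for (struct hlist_node **pp = &head->first; *pp; pp = &(*pp)->next)
        if (((struct sec_blob *)*pp)->module_id == module_id) {
            *pp = (*pp)->next;
            return 0;
        }
    return -1;
}

int main(void)
{
    struct hlist_head obj = { NULL };
    struct sec_blob a = { { NULL }, 1, 10 }, b = { { NULL }, 2, 20 };
    sec_set_value(&obj, &a);
    sec_set_value(&obj, &b);
    printf("%d %d\n", sec_get_value(&obj, 1)->label, sec_del_value(&obj, 2));
    return 0;
}
```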