788e7dd4c2
It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> |
||
---|---|---|
.. | ||
av_inherit.h | ||
av_perm_to_string.h | ||
av_permissions.h | ||
avc.h | ||
avc_ss.h | ||
class_to_string.h | ||
common_perm_to_string.h | ||
conditional.h | ||
flask.h | ||
initial_sid_to_string.h | ||
netif.h | ||
netlabel.h | ||
objsec.h | ||
security.h | ||
xfrm.h |