summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorYuichi Nakamura <ynakam@hitachisoft.jp>2007-09-14 09:27:07 +0900
committerJames Morris <jmorris@namei.org>2007-10-17 08:59:31 +1000
commit788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (patch)
treecbe2d2a360aaf7dc243bef432e1c50507ae6db7b /fs
parent3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (diff)
downloadlinux-788e7dd4c22e6f41b3a118fd8c291f831f6fddbb.tar.gz
linux-788e7dd4c22e6f41b3a118fd8c291f831f6fddbb.tar.bz2
linux-788e7dd4c22e6f41b3a118fd8c291f831f6fddbb.zip
SELinux: Improve read/write performance
It reduces the selinux overhead on read/write by only revalidating permissions in selinux_file_permission if the task or inode labels have changed or the policy has changed since the open-time check. A new LSM hook, security_dentry_open, is added to capture the necessary state at open time to allow this optimization. (see http://marc.info/?l=selinux&m=118972995207740&w=2) Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/open.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/open.c b/fs/open.c
index 1d9e5e98bf4e..044bfa891c94 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -757,6 +757,10 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
f->f_op = fops_get(inode->i_fop);
file_move(f, &inode->i_sb->s_files);
+ error = security_dentry_open(f);
+ if (error)
+ goto cleanup_all;
+
if (!open && f->f_op)
open = f->f_op->open;
if (open) {