Serge E. Hallyn <serue@us.ibm.com> wrote:

quoted text
> Seems *really* weird that every time you send this, patch 6 doesn't seem
> to reach me in any of my mailboxes...  (did get it from the url
> you listed)

It's the largest of the patches, so that's not entirely surprising.  Hence why
I included the URL to the tarball also.

quoted text
> I'm sorry if I miss where you explicitly state this, but is it safe to
> assume, as perusing the patches suggests, that
> 
> 	1. tsk->sec never changes other than in task_alloc_security()?  

Correct.

quoted text
> 	2. tsk->act_as is only ever dereferenced from (a) current->

That ought to be correct.

quoted text
> 	   except (b) in do_coredump?

Actually, do_coredump() only deals with current->act_as.

quoted text
> (thereby carefully avoiding locking issues)

That's the idea.

quoted text
> I'd still like to see some performance numbers.  Not to object to
> these patches, just to make sure there's no need to try and optimize
> more of the dereferences away when they're not needed.

I hope that the performance impact is minimal.  The kernel should spend very
little time looking at the security data.  I'll try and get some though.

quoted text
> Oh, manually copied from patch 6, I see you have in the task_security
> struct definition:
> 
> 	kernel_cap_t    cap_bset;       /* ? */
> 
> That comment can be filled in with 'capability bounding set' (for this
> task and all its future descendents).

Thanks.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html