From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: Re: [NFS] [PATCH 06b/26] Security: Make NFSD work with detached security Date: Thu, 17 Jan 2008 23:02:06 +0000 Message-ID: <29216.1200610926@redhat.com> References: <28942.1200610127@redhat.com> <20080117204804.GC6416@fieldses.org> <20080115234724.22183.9603.stgit@warthog.procyon.org.uk> <20080115234652.22183.24850.stgit@warthog.procyon.org.uk> <20849.1200590240@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Cc: "J. Bruce Fields" , neilb@suse.de, Trond.Myklebust@netapp.com, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org, nfs@lists.sourceforge.net, selinux@tycho.nsa.gov, casey@schaufler-ca.com, sds@tycho.nsa.gov To: unlisted-recipients:; (no To-header on input) Return-path: Received: from neil.brown.name ([220.233.11.133]:59842 "EHLO neil.brown.name" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751701AbYAQXCm (ORCPT ); Thu, 17 Jan 2008 18:02:42 -0500 Received: from brown by neil.brown.name with local (Exim 4.63) (envelope-from ) id 1JFdkr-0005Ic-3E for linux-nfs@vger.kernel.org; Fri, 18 Jan 2008 10:02:38 +1100 In-Reply-To: <28942.1200610127@redhat.com> Sender: linux-nfs-owner@vger.kernel.org List-ID: David Howells wrote: > J. Bruce Fields wrote: > > > Just curious--why? Are get_kernel_security(), etc., particularly > > expensive? > > It involves a kmalloc(). That means an extra possibility for an error. Plus > it may allow you to cache the result of checking whether, say, SELinux > security labels are allowed to be set when passed over NFS (if such is > possible). Apart from that, though, no, it's not particularly expensive. David ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ NFS maillist - NFS@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs _______________________________________________ Please note that nfs@lists.sourceforge.net is being discontinued. Please subscribe to linux-nfs@vger.kernel.org instead. http://vger.kernel.org/vger-lists.html#linux-nfs From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells In-Reply-To: <28942.1200610127@redhat.com> References: <28942.1200610127@redhat.com> <20080117204804.GC6416@fieldses.org> <20080115234724.22183.9603.stgit@warthog.procyon.org.uk> <20080115234652.22183.24850.stgit@warthog.procyon.org.uk> <20849.1200590240@redhat.com> Cc: dhowells@redhat.com, "J. Bruce Fields" , sds@tycho.nsa.gov, casey@schaufler-ca.com, Trond.Myklebust@netapp.com, neilb@suse.de, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, nfs@lists.sourceforge.net Subject: Re: [PATCH 06b/26] Security: Make NFSD work with detached security Date: Thu, 17 Jan 2008 23:02:06 +0000 Message-ID: <29216.1200610926@redhat.com> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov David Howells wrote: > J. Bruce Fields wrote: > > > Just curious--why? Are get_kernel_security(), etc., particularly > > expensive? > > It involves a kmalloc(). That means an extra possibility for an error. Plus > it may allow you to cache the result of checking whether, say, SELinux > security labels are allowed to be set when passed over NFS (if such is > possible). Apart from that, though, no, it's not particularly expensive. David -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758277AbYAQXDg (ORCPT ); Thu, 17 Jan 2008 18:03:36 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753220AbYAQXDZ (ORCPT ); Thu, 17 Jan 2008 18:03:25 -0500 Received: from mx1.redhat.com ([66.187.233.31]:39514 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754851AbYAQXDY (ORCPT ); Thu, 17 Jan 2008 18:03:24 -0500 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: <28942.1200610127@redhat.com> References: <28942.1200610127@redhat.com> <20080117204804.GC6416@fieldses.org> <20080115234724.22183.9603.stgit@warthog.procyon.org.uk> <20080115234652.22183.24850.stgit@warthog.procyon.org.uk> <20849.1200590240@redhat.com> Cc: dhowells@redhat.com, "J. Bruce Fields" , sds@tycho.nsa.gov, casey@schaufler-ca.com, Trond.Myklebust@netapp.com, neilb@suse.de, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, nfs@lists.sourceforge.net Subject: Re: [PATCH 06b/26] Security: Make NFSD work with detached security X-Mailer: MH-E 8.0.3+cvs; nmh 1.2-20070115cvs; GNU Emacs 23.0.50 Date: Thu, 17 Jan 2008 23:02:06 +0000 Message-ID: <29216.1200610926@redhat.com> To: unlisted-recipients:; (no To-header on input) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org David Howells wrote: > J. Bruce Fields wrote: > > > Just curious--why? Are get_kernel_security(), etc., particularly > > expensive? > > It involves a kmalloc(). That means an extra possibility for an error. Plus > it may allow you to cache the result of checking whether, say, SELinux > security labels are allowed to be set when passed over NFS (if such is > possible). Apart from that, though, no, it's not particularly expensive. David