From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <446B3E11.6040302@gentoo.org>
Date: Wed, 17 May 2006 11:15:29 -0400
From: Joshua Brindle
MIME-Version: 1.0
To: Daniel J Walsh
CC: Stephen Smalley, Steve Grubb, SE Linux
Subject: Re: Real simple cache that removes most of the lookups in mcstrans
References: <446AFED3.9010800@redhat.com> <446B2A98.3090603@gentoo.org> <446B3B51.1060703@redhat.com>
In-Reply-To: <446B3B51.1060703@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

Daniel J Walsh wrote:
> Joshua Brindle wrote:
>> Daniel J Walsh wrote:
>>> Basically check if the previous lookup was the same context, if yes
>>> return the same translation. Otherwise do the lookup.
>>>
>>> Also included Russell's patch for avcstat.
>> Is this used on MLS? If so this cache needs to be cleared on policy
>> reload for proper revocation of translation access. Further, this has
>> no way of checking to see if the actual translations changed between
>> the last query and this one.
> Yes, you mean translation change, I think. Since I do not see where
> policy reload would affect this. We could add some kind of timer to
> this, but refreshing the cache is a small problem, but this same
> problem existed with shared libraries.
>
Because on an MLS system the server will be deciding whether or not you
have permission to see a particular translation and a policy reload
would affect that. The same problem did exist with the shared libraries
but we aren't using them anymore :) The server should be smart enough to
handle this. If client-side caching is really desired it needs to work
like an AVC where you can get flush notifications from the server.
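
The revocation problem raised in this message, as an added example that is not part of the original message and is not mcstrans or libselinux code: a one-entry translation cache that is only trusted while no flush notification has arrived since it was filled. The names `server_translate`, `on_flush_notification`, `flush_seqno` and `policy_allows`, and the label values, are hypothetical stand-ins constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the translation server; not mcstrans code. */
static unsigned flush_seqno = 1;  /* bumped by each flush notification */
static int policy_allows = 1;     /* constructed: may caller see the label? */
static int lookups;               /* round trips made to the "server" */

/* Constructed server side: translate only if policy currently permits it. */
static void server_translate(const char *raw, char *out, size_t n)
{
    lookups++;
    if (policy_allows && strcmp(raw, "s0:c1") == 0)
        snprintf(out, n, "Confidential");
    else
        snprintf(out, n, "%s", raw);   /* not cleared: raw label only */
}

/* One-entry cache (previous lookup only) plus the seqno it was filled under. */
struct trans_cache {
    int valid;
    unsigned seqno;
    char raw[64], trans[64];
};

/* Called when the server announces a policy reload or translation change. */
static void on_flush_notification(void) { flush_seqno++; }

static const char *cached_translate(struct trans_cache *c, const char *raw)
{
    /* Hit only if same context AND no flush since the entry was stored. */
    if (c->valid && c->seqno == flush_seqno && strcmp(c->raw, raw) == 0)
        return c->trans;
    if (strlen(raw) >= sizeof c->raw)
        return NULL;                   /* too long to cache; reject */
    server_translate(raw, c->trans, sizeof c->trans);
    strcpy(c->raw, raw);
    c->seqno = flush_seqno;
    c->valid = 1;
    return c->trans;
}

int main(void)
{
    struct trans_cache c = {0};
    printf("%s\n", cached_translate(&c, "s0:c1"));  /* server lookup */
    policy_allows = 0;                              /* access revoked */
    printf("%s\n", cached_translate(&c, "s0:c1"));  /* stale cache hit */
    on_flush_notification();
    printf("%s\n", cached_translate(&c, "s0:c1"));  /* re-checked by server */
}
```

Between the revocation and the notification the client still returns the old translation, which is the window a same-context check alone cannot close.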