On Saturday 15 July 2006 6:39 pm, James Morris wrote:
> On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > +int cipso_v4_cache_add(const struct sk_buff *skb,
> > + const struct netlbl_lsm_secattr *secattr)
> > +{
>
> It seems that this cache grows without bounds, correct?

Unless I messed something up the cache is limited to CIPSO_V4_CACHE_BUCKETS * cipso_v4_cache_bucketsize; see the bottom half of cipso_v4_cache_add() for details.

> Also, how do you handle the case of a change to a cached mapping?

Through the use of cipso_v4_cache_invalidate() which gets called on CIPSO DOI deletes and SELinux policy [re]loads. It's a bit heavy handed in that it clears the entire cache, but both events should be pretty rare in practice and the extra work to clear specific cache entries probably isn't worth it.

--
paul moore
linux security @ hp
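An added example, not code from the patch or the kernel: a user-space C model of the two properties discussed in this message, a cache capped at buckets times bucket size and a whole-cache invalidation. The sizes, function names, the hash (key modulo bucket count) and the evict-oldest policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sizes for this sketch; the names only echo the limits in the thread. */
#define CACHE_BUCKETS    4
#define CACHE_BUCKETSIZE 2

struct entry  { uint32_t key; uint32_t secid; };
struct bucket { struct entry e[CACHE_BUCKETSIZE]; int used; };
static struct bucket cache[CACHE_BUCKETS];

/* Total entries currently cached; never exceeds BUCKETS * BUCKETSIZE. */
int cache_count(void)
{
    int n = 0;
    for (int i = 0; i < CACHE_BUCKETS; i++)
        n += cache[i].used;
    return n;
}

/* Add a mapping, newest first. When the bucket is full the oldest entry
 * (last slot) is dropped: an assumed policy, not taken from the patch. */
void cache_add(uint32_t key, uint32_t secid)
{
    struct bucket *b = &cache[key % CACHE_BUCKETS];
    if (b->used < CACHE_BUCKETSIZE)
        b->used++;
    memmove(&b->e[1], &b->e[0], (b->used - 1) * sizeof(b->e[0]));
    b->e[0] = (struct entry){ key, secid };
}

/* Return 1 and fill *secid on a hit, 0 on a miss. */
int cache_check(uint32_t key, uint32_t *secid)
{
    struct bucket *b = &cache[key % CACHE_BUCKETS];
    for (int i = 0; i < b->used; i++)
        if (b->e[i].key == key) { *secid = b->e[i].secid; return 1; }
    return 0;
}

/* Coarse invalidation: drop every entry (the DOI delete / policy reload case). */
void cache_invalidate(void) { memset(cache, 0, sizeof(cache)); }

int main(void)
{
    for (uint32_t k = 0; k < 100; k++) cache_add(k, k + 1000);
    return cache_count() == CACHE_BUCKETS * CACHE_BUCKETSIZE ? 0 : 1;
}
```
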