From owner-p4-projects Mon Jul 22 21: 6:26 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4A2C637B401; Mon, 22 Jul 2002 21:06:21 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0090F37B400 for ; Mon, 22 Jul 2002 21:06:21 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 97FA243E42 for ; Mon, 22 Jul 2002 21:06:20 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6N46KJU063480 for ; Mon, 22 Jul 2002 21:06:20 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6N46Kr4063477 for perforce@freebsd.org; Mon, 22 Jul 2002 21:06:20 -0700 (PDT) Date: Mon, 22 Jul 2002 21:06:20 -0700 (PDT) Message-Id: <200207230406.g6N46Kr4063477@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 14757 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14757 Change 14757 by rwatson@rwatson_paprika on 2002/07/22 21:06:13 Introduce sysctl/tunable security.mac.cache_fslabel_in_vnode, which permits agressive caching of the mount fslabel in vnode labels, assuming that no individual label is available. Since we don't permit relabeling the mountpoint fslabel right now, enable by default, which will prevent repeated updating of a vnode label from the mountpoint when we know the mountpoint will never change labels. In the future if/when we permit the relabeling of the mountpoint, this would need to be turned off if use of that feature was anticipated. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#187 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#187 (text+ko) ==== @@ -128,6 +128,12 @@ SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, &mac_label_size, 0, "Pre-compiled MAC label size"); +static int mac_cache_fslabel_in_vnode = 1; +SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW, + &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode"); +TUNABLE_INT("security.mac.cache_fslabel_in_vnode", + &mac_cache_fslabel_in_vnode); + static unsigned int mac_ea_cache_hits = 0; SYSCTL_UINT(_security_mac, OID_AUTO, ea_cache_hits, CTLFLAG_RD, &mac_ea_cache_hits, 0, @@ -948,6 +954,9 @@ MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + + if (mac_cache_fslabel_in_vnode) + vp->v_flag |= VCACHEDLABEL; } /* @@ -989,9 +998,7 @@ case ENOATTR: /* - * Use the label from the mount point. Since we may want - * to let this label be updated, don't set the caching - * flag. + * Use the label from the mount point. */ mac_update_vnode_from_mount(vp, vp->v_mount); return (0); @@ -1060,6 +1067,9 @@ return (EBADF); } + if (mac_cache_fslabel_in_vnode) + return (0); + if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(vp, vp->v_mount); return (0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message