Date: Mon, 22 Jul 2002 21:06:20 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14757 for review Message-ID: <200207230406.g6N46Kr4063477@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14757 Change 14757 by rwatson@rwatson_paprika on 2002/07/22 21:06:13 Introduce sysctl/tunable security.mac.cache_fslabel_in_vnode, which permits agressive caching of the mount fslabel in vnode labels, assuming that no individual label is available. Since we don't permit relabeling the mountpoint fslabel right now, enable by default, which will prevent repeated updating of a vnode label from the mountpoint when we know the mountpoint will never change labels. In the future if/when we permit the relabeling of the mountpoint, this would need to be turned off if use of that feature was anticipated. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#187 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#187 (text+ko) ==== @@ -128,6 +128,12 @@ SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, &mac_label_size, 0, "Pre-compiled MAC label size"); +static int mac_cache_fslabel_in_vnode = 1; +SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW, + &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode"); +TUNABLE_INT("security.mac.cache_fslabel_in_vnode", + &mac_cache_fslabel_in_vnode); + static unsigned int mac_ea_cache_hits = 0; SYSCTL_UINT(_security_mac, OID_AUTO, ea_cache_hits, CTLFLAG_RD, &mac_ea_cache_hits, 0, @@ -948,6 +954,9 @@ MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + + if (mac_cache_fslabel_in_vnode) + vp->v_flag |= VCACHEDLABEL; } /* @@ -989,9 +998,7 @@ case ENOATTR: /* - * Use the label from the mount point. Since we may want - * to let this label be updated, don't set the caching - * flag. + * Use the label from the mount point. */ mac_update_vnode_from_mount(vp, vp->v_mount); return (0); @@ -1060,6 +1067,9 @@ return (EBADF); } + if (mac_cache_fslabel_in_vnode) + return (0); + if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(vp, vp->v_mount); return (0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207230406.g6N46Kr4063477>