From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 199654] [patch] Add additional hooks to MAC framework following vnode lookup and create operations
Date: Fri, 24 Apr 2015 00:45:08 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199654

Bug ID: 199654
Summary: [patch] Add additional hooks to MAC framework following vnode lookup and create operations
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: sdmoore@fas.harvard.edu

Created attachment 155932
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155932&action=edit
Patch adding hooks to the MAC framework and vnode operations

Add hooks in the MAC subsystem following vnode lookup and create operations that allow MAC policies to update state in response to file system accesses and modifications. These hooks are used in the Shill research project (http://shill.seas.harvard.edu) to implement a capability-based sandbox, but could be used by any MAC policy that requires fine-grained tracking of filesystem access patterns.

To evaluate the performance impact of this patch, I have run two benchmarks that test the overhead on lookup and create operations. The first benchmark "open-read-close" measures the time required to open the file "/tmp/file" (two lookup operations), read 1 byte, and close the file. The second benchmark "create-unlink" measures the time required to create the file "/tmp/file" and then unlink it.

I ran each benchmark in a tight loop lasting for 10 seconds and took 50 measurements. The measurements were taken on a ThinkPad x201 in single user mode, pinned to a single core. The performance impact appears to be negligible, within a few microseconds. A summary of the benchmarks is below (time in microseconds).

                   Unpatched        Patched
Benchmark          Mean    SD       Mean    SD
open-read-close    11.11   0.02     11.18   0.03
create-unlink      41.50   0.09     40.57   0.17