Date: Fri, 24 Apr 2015 00:45:08 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 199654] [patch] Add additional hooks to MAC framework following vnode lookup and create operations
Message-ID: <bug-199654-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199654

            Bug ID: 199654
           Summary: [patch] Add additional hooks to MAC framework following
                    vnode lookup and create operations
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: sdmoore@fas.harvard.edu
          Keywords: patch

Created attachment 155932
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155932&action=edit
Patch adding hooks to the MAC framework and vnode operations

Add hooks in the MAC subsystem following vnode lookup and create operations
that allow MAC policies to update state in response to file system accesses
and modifications. These hooks are used in the Shill research project
(http://shill.seas.harvard.edu) to implement a capability-based sandbox, but
could be used by any MAC policy that requires fine-grained tracking of
filesystem access patterns.

To evaluate the performance impact of this patch, I have run two benchmarks
that test the overhead on lookup and create operations. The first benchmark
"open-read-close" measures the time required to open the file "/tmp/file"
(two lookup operations), read 1 byte, and close the file. The second
benchmark "create-unlink" measures the time required to create the file
"/tmp/file" and then unlink it.

I ran each benchmark in a tight loop lasting for 10 seconds and took 50
measurements. The measurements were taken on a ThinkPad x201 in single user
mode, pinned to a single core. The performance impact appears to be
negligible, within a few microseconds. A summary of the benchmarks is below
(time in microseconds).

                     Unpatched         Patched
Benchmark            Mean     SD       Mean     SD
open-read-close      11.11    0.02     11.18    0.03
create-unlink        41.50    0.09     40.57    0.17

-- 
You are receiving this mail because:
You are the assignee for the bug.