summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2011-04-28 15:11:21 -0400
committerEric Paris <eparis@redhat.com>2011-04-28 15:15:52 -0400
commit03a4c0182a156547edd5f2717c1702590fe36bbf (patch)
treec4585fab7c37d4eb2cc46e93c925e7c2a5e7b1a2 /init
parent2667991f60e67d28c495b8967aaabf84b4ccd560 (diff)
downloadlinux-3.10-03a4c0182a156547edd5f2717c1702590fe36bbf.tar.gz
linux-3.10-03a4c0182a156547edd5f2717c1702590fe36bbf.tar.bz2
linux-3.10-03a4c0182a156547edd5f2717c1702590fe36bbf.zip
SELinux: skip filename trans rules if ttype does not match parent dir
Right now we walk to filename trans rule list for every inode that is created. First passes at policy using this facility creates around 5000 filename trans rules. Running a list of 5000 entries every time is a bad idea. This patch adds a new ebitmap to policy which has a bit set for each ttype that has at least 1 filename trans rule. Thus when an inode is created we can quickly determine if any rules exist for this parent directory type and can skip the list if we know there is definitely no relevant entry. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions