1. 16 Dec, 2010 1 commit
      SELinux: define permissions for DCB netlink messages · 350e4f31
      Eric Paris authored
      Commit 2f90b865 added two new netlink message types to the netlink route
      socket.  SELinux has hooks to define if netlink messages are allowed to
      be sent or received, but it did not know about these two new message
      types.  By default we allow such actions so no one likely noticed.  This
      patch adds the proper definitions and thus proper permissions
      enforcement.
      Signed-off-by: Eric Paris <eparis@redhat.com>
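The enforcement gap the commit message describes, as an added illustration that is not the kernel's code: a message-type-to-permission table is consulted for each netlink message, and a type missing from the table falls through to a policy-wide "allow unknown" decision instead of a per-domain permission check. The names (`nlmsg_perm`, `nlmsg_allowed`, `table_before`, `table_after`), the permission bits and the message type numbers are this example's own constants, and the `allow_unknown` flag is an assumed model of the default-allow behaviour the commit message mentions.

```c
#include <stddef.h>

/*
 * Added illustration of the message-type permission table and the
 * "unknown type" fallback. Simplified model written for this page, not
 * the kernel's nlmsgtab code; type and permission numbers are constants
 * chosen for the example.
 */

enum { NL_READ = 1u << 0, NL_WRITE = 1u << 1 };   /* socket permission bits */

/* Example message type numbers; GETDCB/SETDCB stand for the two new types. */
enum { MSG_GETLINK = 18, MSG_SETLINK = 19, MSG_GETDCB = 78, MSG_SETDCB = 79 };

struct nlmsg_perm { unsigned short type; unsigned int perm; };

/* Table before the fix: the DCB types are absent. */
static const struct nlmsg_perm table_before[] = {
	{ MSG_GETLINK, NL_READ },
	{ MSG_SETLINK, NL_WRITE },
};

/* Table after the fix: every type the socket carries maps to a permission. */
static const struct nlmsg_perm table_after[] = {
	{ MSG_GETLINK, NL_READ },
	{ MSG_SETLINK, NL_WRITE },
	{ MSG_GETDCB,  NL_READ },
	{ MSG_SETDCB,  NL_WRITE },
};

#define NTAB(t) (sizeof(t) / sizeof((t)[0]))

/* Returns 0 and sets *perm if the type is defined, -1 otherwise. */
int nlmsg_lookup(const struct nlmsg_perm *tab, size_t n,
		 unsigned short type, unsigned int *perm)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (tab[i].type == type) {
			*perm = tab[i].perm;
			return 0;
		}
	return -1;
}

/* 1 = allowed, 0 = denied. 'granted' is the permission vector the policy
 * gives the sending domain on this socket class; 'allow_unknown' models
 * the fallback applied when the table has no entry for the type. */
int nlmsg_allowed(const struct nlmsg_perm *tab, size_t n, unsigned short type,
		  unsigned int granted, int allow_unknown)
{
	unsigned int need;

	if (nlmsg_lookup(tab, n, type, &need) < 0)
		return allow_unknown ? 1 : 0;   /* undefined type: nothing to enforce */
	return (granted & need) == need;        /* defined type: real permission check */
}

/* A domain granted only read access on the socket sends SETDCB. */
int setdcb_before_fix(void)
{
	return nlmsg_allowed(table_before, NTAB(table_before), MSG_SETDCB, NL_READ, 1);
}

int setdcb_after_fix(void)
{
	return nlmsg_allowed(table_after, NTAB(table_after), MSG_SETDCB, NL_READ, 1);
}

int getdcb_after_fix(void)
{
	return nlmsg_allowed(table_after, NTAB(table_after), MSG_GETDCB, NL_READ, 1);
}
```

The practical check this suggests: whenever a kernel adds a message type to a netlink family that SELinux classifies, the type must also be added to the permission table, or the new operation is governed by the unknown-type fallback rather than by the domain's granted permissions.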
  2. 07 Dec, 2010 1 commit
      selinux: cache sidtab_context_to_sid results · 73ff5fc0
      Eric Paris authored
      sidtab_context_to_sid takes up a large share of time when creating large
      numbers of new inodes (~30-40% in oprofile runs).  This patch implements a
      cache of 3 entries which is checked before we do a full context_to_sid lookup.
      On one system this showed over a x3 improvement in the number of inodes that
      could be created per second and around a 20% improvement on another system.
      
      Any time we look up the same context string successively (imagine ls -lZ) we
      should hit this cache hot.  A cache miss should have a relatively minor effect
      on performance next to doing the full table search.
      
      All operations on the cache are done COMPLETELY lockless.  We know that all
      struct sidtab_node objects created will never be deleted until a new policy is
      loaded thus we never have to worry about a pointer being dereferenced.  Since
      we also know that pointer assignment is atomic we know that the cache will
      always have valid pointers.  Given this information we implement a FIFO cache
      in an array of 3 pointers.  Every result (whether a cache hit or table lookup)
      will be placed in the 0 spot of the cache and the rest of the entries moved
      down one spot.  The 3rd entry will be lost.
      
      Races are possible and are even likely to happen.  Let's assume that 4 tasks
      are hitting sidtab_context_to_sid.  The first task checks against the first
      entry in the cache and it is a miss.  Now let's assume a second task updates
      the cache with a new entry.  This will push the first entry back to the second
      spot.  Now the first task might check against the second entry (which it
      already checked) and will miss again.  Now say some third task updates the
      cache and pushes the second entry to the third spot.  The first task may check
      the third entry (for the third time!) and again have a miss.  At which point
      it will just do a full table lookup.  No big deal!
      Signed-off-by: Eric Paris <eparis@redhat.com>
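The 3-entry FIFO cache in front of the full lookup, as an added, single-threaded user-space model written for this page (it is not the kernel's sidtab code, and the names `ctx_table`, `ctx_node`, `ctx_to_sid`, `ctx_cache_push` and `demo_ls_burst` are invented here). The full search is a linear list standing in for the kernel's hash lookup; what the model preserves is the property the commit message relies on: nodes are only ever added until the table is torn down, so a pointer read from any cache slot is always valid, and every result, hit or miss, is pushed into slot 0.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Added illustration of the 3-entry FIFO cache described in the commit
 * message. Simplified single-threaded model for this page, not the kernel's
 * sidtab code; all names here are invented for the example.
 */

#define CACHE_SLOTS 3

struct ctx_node {
	unsigned int sid;
	char *context;                  /* security context string */
	struct ctx_node *next;
};

struct ctx_table {
	struct ctx_node *head;          /* nodes are added, never freed until destroy */
	unsigned int next_sid;
	struct ctx_node *cache[CACHE_SLOTS];  /* slot 0 = most recent result */
	unsigned long hits, misses;
};

void ctx_table_init(struct ctx_table *t)
{
	memset(t, 0, sizeof(*t));
	t->next_sid = 1;                /* 0 is reserved for "no SID" */
}

/* Full search, standing in for the hash lookup. Like sidtab_context_to_sid
 * it inserts a new node on a miss; nodes live until ctx_table_destroy(). */
static struct ctx_node *ctx_table_search(struct ctx_table *t, const char *context)
{
	struct ctx_node *n;

	for (n = t->head; n; n = n->next)
		if (strcmp(n->context, context) == 0)
			return n;
	n = calloc(1, sizeof(*n));
	if (!n)
		return NULL;
	n->context = malloc(strlen(context) + 1);
	if (!n->context) {
		free(n);
		return NULL;
	}
	strcpy(n->context, context);
	n->sid = t->next_sid++;
	n->next = t->head;
	t->head = n;
	return n;
}

/* FIFO update: the result goes to slot 0, the rest shift down, slot 2 is
 * lost. Each step is a single pointer store, which is what the lockless
 * scheme in the commit message depends on; portable multi-threaded C would
 * use _Atomic pointers for these loads and stores. */
static void ctx_cache_push(struct ctx_table *t, struct ctx_node *n)
{
	t->cache[2] = t->cache[1];
	t->cache[1] = t->cache[0];
	t->cache[0] = n;
}

/* Cache first, full search on a miss. Returns the SID, 0 on allocation failure. */
unsigned int ctx_to_sid(struct ctx_table *t, const char *context)
{
	struct ctx_node *n = NULL;
	int i;

	for (i = 0; i < CACHE_SLOTS; i++) {
		struct ctx_node *c = t->cache[i];       /* read the slot once */
		if (c && strcmp(c->context, context) == 0) {
			n = c;
			t->hits++;
			break;
		}
	}
	if (!n) {
		t->misses++;
		n = ctx_table_search(t, context);
		if (!n)
			return 0;
	}
	ctx_cache_push(t, n);                           /* hit or miss, it lands in slot 0 */
	return n->sid;
}

/* Policy reload is the only time nodes go away: empty the cache first. */
void ctx_table_destroy(struct ctx_table *t)
{
	struct ctx_node *n = t->head;

	memset(t->cache, 0, sizeof(t->cache));
	while (n) { struct ctx_node *next = n->next; free(n->context); free(n); n = next; }
	t->head = NULL;
}

/* Replays an "ls -lZ"-style burst of repeated contexts (constructed sample
 * strings) and returns the number of cache hits: 2 of the 4 lookups. */
unsigned long demo_ls_burst(void)
{
	struct ctx_table t;
	unsigned long hits;

	ctx_table_init(&t);
	ctx_to_sid(&t, "system_u:object_r:tmp_t:s0");      /* miss, new node */
	ctx_to_sid(&t, "staff_u:object_r:user_tmp_t:s0");  /* miss, new node */
	ctx_to_sid(&t, "system_u:object_r:tmp_t:s0");      /* hit in slot 1  */
	ctx_to_sid(&t, "system_u:object_r:tmp_t:s0");      /* hit in slot 0  */
	hits = t.hits;
	ctx_table_destroy(&t);
	return hits;
}
```

The race in the commit message maps onto this model directly: a reader that is part-way through the `for` loop over `t->cache` can see the same node shift under it and compare it again, which costs a redundant `strcmp` and at worst a fall-through to the full search, never a wrong SID, because the slot contents are only ever valid node pointers or NULL.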
  3. 02 Dec, 2010 1 commit
      SELinux: do not compute transition labels on mountpoint labeled filesystems · 415103f9
      Eric Paris authored
      selinux_inode_init_security computes transitions sids even for filesystems
      that use mount point labeling.  It shouldn't do that.  It should just use
      the mount point label always and no matter what.
      
      This causes 2 problems.  1) it makes file creation slower than it needs to be
      since we calculate the transition sid and 2) it allows files to be created
      with a different label than the mount point!
      
      # id -Z
      staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
      # sesearch --type --class file --source sysadm_t --target tmp_t
      Found 1 semantic te rules:
         type_transition sysadm_t tmp_t : file user_tmp_t;
      
      # mount -o loop,context="system_u:object_r:tmp_t:s0"  /tmp/fs /mnt/tmp
      
      # ls -lZ /mnt/tmp
      drwx------. root root system_u:object_r:tmp_t:s0       lost+found
      # touch /mnt/tmp/file1
      # ls -lZ /mnt/tmp
      -rw-r--r--. root root staff_u:object_r:user_tmp_t:s0   file1
      drwx------. root root system_u:object_r:tmp_t:s0       lost+found
      
      Whoops, we have a mount point labeled filesystem tmp_t with a user_tmp_t
      labeled file!
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Reviewed-by: James Morris <jmorris@namei.org>
  4. 30 Nov, 2010 11 commits
  5. 29 Nov, 2010 18 commits
  6. 28 Nov, 2010 8 commits