Re: oprofile / selinux / security_port_sid

2007-03-27 Thread Sami Farin
On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
> On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> > is there room for improvement in security_port_sid() ?
>
> Yes, lots of room. Also, it won't get called per-packet if you enable
> secmark (echo 0 > /selinux/compat_net or

Re: oprofile / selinux / security_port_sid

2007-03-27 Thread James Morris
On Tue, 27 Mar 2007, Sami Farin wrote:
> On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
> > On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> > > is there room for improvement in security_port_sid() ?
> >
> > Yes, lots of room. Also, it won't get called per-packet if you

Re: oprofile / selinux / security_port_sid

2007-03-27 Thread Stephen Smalley
On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> is there room for improvement in security_port_sid() ?

Yes, lots of room. Also, it won't get called per-packet if you enable secmark (echo 0 > /selinux/compat_net or boot with selinux_compat_net=0 or build with

oprofile / selinux / security_port_sid

2007-03-27 Thread Sami Farin
is there room for improvement in security_port_sid() ?

little test with dns queries (dnsfilter (the client) on local host using poll() and dnscache (the server) using epoll (at max 4000 concurrent queries):

(stats for only vmlinux)
CPU: P4 / Xeon, speed 2797.32 MHz (estimated)
Counted