On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
> On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> > is there room for improvement in security_port_sid() ?
>
> Yes, lots of room. Also, it won't get called per-packet if you enable
> secmark (echo 0 > /selinux/compat_net or
On Tue, 27 Mar 2007, Sami Farin wrote:
> On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
> > On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> > > is there room for improvement in security_port_sid() ?
> >
> > Yes, lots of room. Also, it won't get called per-packet if you
On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
> is there room for improvement in security_port_sid() ?
Yes, lots of room. Also, it won't get called per-packet if you enable
secmark (echo 0 > /selinux/compat_net or boot with selinux_compat_net=0
or build with
is there room for improvement in security_port_sid() ?
little test with dns queries (dnsfilter (the client) on local host
using poll() and dnscache (the server) using epoll (at max 4000 concurrent
queries):
(stats for only vmlinux)
CPU: P4 / Xeon, speed 2797.32 MHz (estimated)
Counted
is there room for improvement in security_port_sid() ?
little test with dns queries (dnsfilter (the client) on local host
using poll() and dnscache (the server) using epoll (at max 4000 concurrent
queries):
(stats for only vmlinux)
CPU: P4 / Xeon, speed 2797.32 MHz (estimated)
Counted
On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
is there room for improvement in security_port_sid() ?
Yes, lots of room. Also, it won't get called per-packet if you enable
secmark (echo 0 /selinux/compat_net or boot with selinux_compat_net=0
or build with
On Tue, 27 Mar 2007, Sami Farin wrote:
On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
is there room for improvement in security_port_sid() ?
Yes, lots of room. Also, it won't get called per-packet if you enable
On Tue, Mar 27, 2007 at 09:40:23 -0400, Stephen Smalley wrote:
On Tue, 2007-03-27 at 13:06 +0300, Sami Farin wrote:
is there room for improvement in security_port_sid() ?
Yes, lots of room. Also, it won't get called per-packet if you enable
secmark (echo 0 /selinux/compat_net or boot with
8 matches
Mail list logo