dynamic context transitions
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Mon Nov 1 22:21:11 GMT 2004
On Mon, Nov 01, 2004 at 03:50:33PM -0500, Stephen Smalley wrote:
> On Mon, 2004-11-01 at 16:00, Luke Kenneth Casson Leighton wrote:
> > > Except that SELinux mediates access to file descriptors upon transfer
> > > via local socket IPC as well as attempted use for read/write, so SELinux
> > > is still going to apply a permission check to the parent smbd process in
> > > that situation.
> >
> > that i would expect.
>
> So you are ok with allowing smbd_t the union of all smbd_$1_t
> permissions?
i haven't analysed the samba.te policy in enough detail to be able to
say.
> > > Not to mention that this no doubt has a significant
> > > cost.
> >
> > that i was not expecting.
>
> Not the cost of the mediation, the cost of fork+exec'ing these children
> for each client.
oh right!
> Isn't that likely to add significant overhead?
that can be mitigated against by using techniques already in place in
apache: pre-forking.
i am genuinely surprised that, several years after apache deployed the
technique of pre-forking (which wasn't new then), samba doesn't do
likewise.
... so that would leave russell's and andrew's technique still as the
top simplest solution, with pre-forking as a possible way to reduce
latency.
l.
More information about the samba-technical
mailing list