Re: [v9.1] sepgsql - userspace access vector cache

2011/7/22 Yeb Havinga <yebhavinga@gmail.com>:
> On 2011-07-22 11:55, Kohei Kaigai wrote:
>>
>>> 2) Also I thought if it could work to not remember tcontext is valid, but
>>> instead remember the consequence,
>>> which is that it is replaced by "unlabeled". It makes the avc_cache
>>> struct shorter and the code somewhat
>>> simpler.
>>>
>> Here is a reason why we hold tcontext, even if it is not valid.
>> The hash key of avc_cache is combination of scontext, tcontext and tclass.
>> Thus, if we replaced an invalid
>> tcontext by unlabeled context, it would always make cache mishit and
>> performance loss.
>
> I see that now, thanks.
>
> I have no further comments, and I think that the patch in it's current
> status is ready for committer.
>
Thanks for your reviewing.

The attached patch is a revised one according to your suggestion to
include fallback for 'unlabeled' label within sepgsql_avc_lookup().
And I found a noise in regression test results, so eliminated it from v5.
--
KaiGai Kohei <kaigai@kaigai.gr.jp>