Re: [PATCH RFC v2 19/22] selinux: validate symbols

From: Paul Moore
Date: Tue Jan 07 2025 - 22:02:09 EST

Next message: Paul Moore: "Re: [PATCH RFC v2 15/22] selinux: introduce ebitmap_highest_set_bit()"
Previous message: Paul Moore: "Re: [PATCH RFC v2 12/22] selinux: check length fields in policies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Dec 16, 2024 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgoettsche@xxxxxxxxxxxxx> wrote:
>
> Some symbol tables need to be validated after indexing, since during
> indexing their referenced entries might not yet have been indexed.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> security/selinux/ss/policydb.c | 94 ++++++++++++++++++++++++++++++++++
> 1 file changed, 94 insertions(+)

Out of curiosity, have you measured the policy load times before and
after this patchset? I'd like to understand the performance impact of
the additional checks and validations.

--
paul-moore.com

Next message: Paul Moore: "Re: [PATCH RFC v2 15/22] selinux: introduce ebitmap_highest_set_bit()"
Previous message: Paul Moore: "Re: [PATCH RFC v2 12/22] selinux: check length fields in policies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]