1
linux/security/selinux
Eric Paris af8ff04917 SELinux: reset the security_ops before flushing the avc cache
This patch resets the security_ops to the secondary_ops before it flushes
the avc.  It's still possible that a task on another processor could have
already passed the security_ops dereference and be executing an selinux hook
function which would add a new avc entry.  That entry would still not be
freed.  This should however help to reduce the number of needless avcs the
kernel has when selinux is disabled at run time.  There is no wasted
memory if selinux is disabled on the command line or not compiled.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-09-30 19:17:06 +10:00
..
include selinux: Support for the new TUN LSM hooks 2009-09-01 08:29:52 +10:00
ss Merge branch 'master' into next 2009-06-19 08:20:55 +10:00
avc.c SELinux: do not destroy the avc_cache_nodep 2009-09-23 11:16:20 -07:00
exports.c Creds: creds->security can be NULL is selinux is disabled 2009-09-14 12:34:07 +10:00
hooks.c SELinux: reset the security_ops before flushing the avc cache 2009-09-30 19:17:06 +10:00
Kconfig
Makefile
netif.c
netlabel.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00
netlink.c
netnode.c
netport.c
nlmsgtab.c SELinux: define audit permissions for audit tree netlink messages 2009-06-03 07:44:53 +10:00
selinuxfs.c selinux: remove obsolete read buffer limit from sel_read_bool 2009-05-19 23:56:11 +10:00
xfrm.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00