diff options
author | Pavel Emelyanov <xemul@openvz.org> | 2008-07-25 12:47:07 +0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-25 21:53:37 +0400 |
commit | 4efd1a1b2f09a4b746dd9dc057986c6dadcb1317 (patch) | |
tree | 048b7c286be2f17efce9b3482d9618cd150ee3f7 /security/Makefile | |
parent | e885dcde75685e09f23cffae1f6d5169c105b8a0 (diff) | |
download | linux-4efd1a1b2f09a4b746dd9dc057986c6dadcb1317.tar.xz |
devcgroup: relax white-list protection down to RCU
Currently this list is protected with a simple spinlock, even for reading
from one. This is OK, but can be better.
Actually I want it to be better very much, since after replacing the
OpenVZ device permissions engine with the cgroup-based one I noticed, that
we set 12 default device permissions for each newly created container (for
/dev/null, full, terminals, ect devices), and people sometimes have up to
20 perms more, so traversing the ~30-40 elements list under a spinlock
doesn't seem very good.
Here's the RCU protection for white-list - dev_whitelist_item-s are added
and removed under the devcg->lock, but are looked up in permissions
checking under the rcu_read_lock.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/Makefile')
0 files changed, 0 insertions, 0 deletions