diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2006-09-29 02:00:01 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-29 09:18:11 -0700 |
commit | 50462062a02226a698a211d5bd535376c89b8603 (patch) | |
tree | 07a34af458b338c609a35072b8c6fd1ed2a235a1 | |
parent | cfe14677f286c9be5d683b88214def8f4b8a6f24 (diff) |
[PATCH] fs.h: ifdef security fields
[assuming BSD security levels are deleted]
The only user of i_security, f_security, s_security fields is SELinux,
however, quite a few security modules are trying to get into kernel.
So, wrap them under CONFIG_SECURITY. Adding config option for each
security field is likely an overkill.
Following Stephen Smalley's suggestion, i_security initialization is
moved to security_inode_alloc() to not clutter core code with ifdefs
and make alloc_inode() codepath tiny little bit smaller and faster.
The user of (highly greppable) struct fown_struct::security field is
still to be found. I've checked every "fown_struct" and every "f_owner"
occurence. Additionally it's removal doesn't break i386 allmodconfig
build.
struct inode, struct file, struct super_block, struct fown_struct
become smaller.
P.S. Combined with two reiserfs inode shrinking patches sent to
linux-fsdevel, I can finally suck 12 reiserfs inodes into one page.
/proc/slabinfo
-ext2_inode_cache 388 10
+ext2_inode_cache 384 10
-inode_cache 280 14
+inode_cache 276 14
-proc_inode_cache 296 13
+proc_inode_cache 292 13
-reiser_inode_cache 336 11
+reiser_inode_cache 332 12 <=
-shmem_inode_cache 372 10
+shmem_inode_cache 368 10
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/inode.c | 1 | ||||
-rw-r--r-- | include/linux/fs.h | 8 | ||||
-rw-r--r-- | include/linux/security.h | 1 |
3 files changed, 7 insertions, 3 deletions
diff --git a/fs/inode.c b/fs/inode.c index f5c04dd9ae8a..abf77471e6c4 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -133,7 +133,6 @@ static struct inode *alloc_inode(struct super_block *sb) inode->i_bdev = NULL; inode->i_cdev = NULL; inode->i_rdev = 0; - inode->i_security = NULL; inode->dirtied_when = 0; if (security_inode_alloc(inode)) { if (inode->i_sb->s_op->destroy_inode) diff --git a/include/linux/fs.h b/include/linux/fs.h index 4caec6cebc42..6eafbe309483 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -553,7 +553,9 @@ struct inode { unsigned int i_flags; atomic_t i_writecount; +#ifdef CONFIG_SECURITY void *i_security; +#endif void *i_private; /* fs or device private pointer */ #ifdef __NEED_I_SIZE_ORDERED seqcount_t i_size_seqcount; @@ -645,7 +647,6 @@ struct fown_struct { rwlock_t lock; /* protects pid, uid, euid fields */ int pid; /* pid or -pgrp where SIGIO should be sent */ uid_t uid, euid; /* uid/euid of process setting the owner */ - void *security; int signum; /* posix.1b rt signal to be delivered on IO */ }; @@ -688,8 +689,9 @@ struct file { struct file_ra_state f_ra; unsigned long f_version; +#ifdef CONFIG_SECURITY void *f_security; - +#endif /* needed for tty driver, and maybe others */ void *private_data; @@ -877,7 +879,9 @@ struct super_block { int s_syncing; int s_need_sync_fs; atomic_t s_active; +#ifdef CONFIG_SECURITY void *s_security; +#endif struct xattr_handler **s_xattr; struct list_head s_inodes; /* all inodes */ diff --git a/include/linux/security.h b/include/linux/security.h index 9f56fb8a4a6c..9b5fea81f55e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1595,6 +1595,7 @@ static inline void security_sb_post_pivotroot (struct nameidata *old_nd, static inline int security_inode_alloc (struct inode *inode) { + inode->i_security = NULL; return security_ops->inode_alloc_security (inode); } |