[Bug 199654] [patch] Add additional hooks to MAC framework following vnode lookup and create operations
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Apr 24 00:45:09 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199654
Bug ID: 199654
Summary: [patch] Add additional hooks to MAC framework
following vnode lookup and create operations
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: sdmoore at fas.harvard.edu
Keywords: patch
Created attachment 155932
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155932&action=edit
Patch adding hooks to the MAC framework and vnode operations
Add hooks in the MAC subsystem following vnode lookup and create operations
that allow MAC policies to update state in response to file system accesses and
modifications.
These hooks are used in the Shill research project
(http://shill.seas.harvard.edu) to implement a capability-based sandbox, but
could be used by any MAC policy that requires fine-grained tracking of
filesystem access patterns.
To evaluate the performance impact of this patch, I have run two benchmarks
that test the overhead on lookup and create operations. The first benchmark
"open-read-close" measures the time required to open the file "/tmp/file" (two
lookup operations), read 1 byte, and close the file. The second benchmark
"create-unlink" measures the time required to create a the file "/tmp/file" and
then unlink it. I ran each benchmark in a tight loop lasting for 10 seconds and
took 50 measurements. The measurements were taken on a ThinkPad x201 in single
user mode, pinned to a single core. The performance impact appears to be
negligible, within a few microseconds. A summary of the benchmarks is below
(time in microseconds).
Unpatched Patched
Benchmark Mean SD Mean SD
open-read-close 11.11 0.02 11.18 0.03
create-unlink 41.50 0.09 40.57 0.17
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list