f93bfb23dc
count of the number of registered policies. Rather than unconditionally locking sockets before passing them into MAC, lock them in the MAC entry points only if mac_policy_count is non-zero. This avoids locking overhead for a number of socket system calls when no policies are registered, eliminating measurable overhead for the MAC Framework for the socket subsystem when there are no active policies. Possibly socket locks should be acquired by policies if they are required for socket labels, which would further avoid locking overhead when there are policies but they don't require labeling of sockets, or possibly don't even implement socket controls. Obtained from: TrustedBSD Project |
||
|---|---|---|
| .. | ||
| rpcsec_gss | ||
| auth_none.c | ||
| auth_unix.c | ||
| auth.h | ||
| authunix_prot.c | ||
| clnt_dg.c | ||
| clnt_rc.c | ||
| clnt_stat.h | ||
| clnt_vc.c | ||
| clnt.h | ||
| getnetconfig.c | ||
| inet_ntop.c | ||
| inet_pton.c | ||
| netconfig.h | ||
| nettype.h | ||
| pmap_prot.h | ||
| replay.c | ||
| replay.h | ||
| rpc_callmsg.c | ||
| rpc_com.h | ||
| rpc_generic.c | ||
| rpc_msg.h | ||
| rpc_prot.c | ||
| rpc.h | ||
| rpcb_clnt.c | ||
| rpcb_clnt.h | ||
| rpcb_prot.c | ||
| rpcb_prot.h | ||
| rpcm_subs.h | ||
| rpcsec_gss.h | ||
| svc_auth_unix.c | ||
| svc_auth.c | ||
| svc_auth.h | ||
| svc_dg.c | ||
| svc_generic.c | ||
| svc_vc.c | ||
| svc.c | ||
| svc.h | ||
| types.h | ||
| xdr.h | ||