Currently the SELinux network node cache doesn't factor in the address mask provided with the policy, it maintains a cache entry for each IP. Expose the address mask via security_node_sid() and use it to increase the efficiency of the network node cache.
Currently the SELinux network node cache doesn't factor in the address mask provided with the policy, it maintains a cache entry for each IP. Expose the address mask via security_node_sid() and use it to increase the efficiency of the network node cache.