2010/11/24 Eric Blake <eblake@xxxxxxxxxx>:
> security_context_t happens to be a typedef for char*, and happens to
> begin with a string usable as a raw context string.  But in reality,
> it is an opaque type that may or may not have additional information
> after the first NUL byte, where that additional information can
> include pointers that can only be freed via freecon().
>
> Proof is from this valgrind run of daemon/libvirtd:
>
> ==6028== 839,169 (40 direct, 839,129 indirect) bytes in 1 blocks are definitely lost in loss record 274 of 274
> ==6028==    at 0x4A0515D: malloc (vg_replace_malloc.c:195)
> ==6028==    by 0x3022E0D48C: selabel_open (label.c:165)
> ==6028==    by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296)
> ==6028==    by 0x3022E1190D: matchpathcon (matchpathcon.c:317)
> ==6028==    by 0x4F9D842: SELinuxRestoreSecurityFileLabel (security_selinux.c:382)
>
> 800k is a lot of memory to be leaking.
>
> * src/security/security_selinux.c
> (SELinuxReserveSecurityLabel, SELinuxGetSecurityProcessLabel)
> (SELinuxRestoreSecurityFileLabel): Use correct function to free
> security_context_t.
>

ACK.

Matthias

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list