On Tue, 2011-06-14 at 08:53 -0400, Daniel J Walsh wrote: > The memory problem is just the share number of file context that we are > loading, each line of the file_context file is a regex. Currently the > file_context file on my Rawhide machine is 4209 lines. If we can > determine the only file context that systemd will need, based on > directories we can eliminate some of the regexes. For example if we > just loaded paths that begin with /var, /tmp, /dev, we would drop the > regexs down to 1500. selabel_close() will free all of the file contexts mapping. So if you can bracket the usage of the mapping with a selabel_open();...;selabel_close();, then you'll only be consuming the memory when using the file contexts mapping. You don't want to do that around every file creation / relabel, of course. -- Stephen Smalley National Security Agency -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
