On Wed, Jun 15, 2011 at 4:44 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > Ways to improve the situation for systemd would include: > - Only load a subset of file_contexts entries, similar to udev. > - Only load the file contexts entries temporarily, using selabel_open + > selabel_close to bracket entire blocks where files are created or > relabeled. - At policy build time, precompute a DFA for all of the regexps, and store it in a file. This file could be mmap()ed into any user of the policy, requiring no malloc(), and allowing the kernel to free the memory when it is no longer used; this should also make loading of the file_contexts configuration faster. Mirek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
