On Wed, Jun 15, 2011 at 11:12:35AM -0400, Daniel J Walsh wrote:
> On 06/15/2011 11:03 AM, Miloslav Trmač wrote:
> > On Wed, Jun 15, 2011 at 4:44 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> >> Ways to improve the situation for systemd would include:
> >> - Only load a subset of file_contexts entries, similar to udev.
> >> - Only load the file contexts entries temporarily, using selabel_open +
> >> selabel_close to bracket entire blocks where files are created or
> >> relabeled.
> > - At policy build time, precompute a DFA for all of the regexps, and
> > store it in a file. This file could be mmap()ed into any user of the
> > policy, requiring no malloc(), and allowing the kernel to free the
> > memory when it is no longer used; this should also make loading of the
> > file_contexts configuration faster.
> > Mirek
>
> I was wondering if this was possible. Any example of how to do it?

At least with glibc regex, that would be terribly unportable and wouldn't
buy much, as regcomp isn't very expensive, the DFA nodes are created on the
fly during regexec as needed.

	Jakub
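A sketch of the precomputed-table idea quoted above, added here as an illustration; it is not code from this thread, from libselinux or from glibc. It hand-builds the table for one constructed pattern shape, prefix(/.*)?, rather than serializing glibc regex internals, and the file layout, DFA_MAGIC and the names dfa_build and dfa_match are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical file layout: header, then nstates rows of 256 next-state entries. */
struct dfa_hdr { uint32_t magic, nstates, accept_lo, accept_hi; };
#define DFA_MAGIC 0x31414644u

/* Build step: write the DFA for the anchored pattern  prefix(/.*)?  to path. */
int dfa_build(const char *path, const char *prefix)
{
    uint32_t n = (uint32_t)strlen(prefix);  /* states 0..n-1 consume the prefix */
    struct dfa_hdr h = { DFA_MAGIC, n + 3, n, n + 1 };  /* n+2 is the dead state */
    int fd = n > 60000 ? -1 : open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    int ok = write(fd, &h, sizeof h) == (ssize_t)sizeof h;
    for (uint32_t s = 0; ok && s < h.nstates; s++) {
        uint16_t row[256];
        for (int c = 0; c < 256; c++)       /* ".*" state loops, the rest go dead */
            row[c] = (uint16_t)(s == n + 1 ? n + 1 : n + 2);
        /* prefix byte advances; after the full prefix only '/' advances */
        if (s <= n) row[s < n ? (unsigned char)prefix[s] : '/'] = (uint16_t)(s + 1);
        ok = write(fd, row, sizeof row) == (ssize_t)sizeof row;
    }
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Lookup: map the table read-only and walk it; 1 match, 0 no match, -1 bad file. */
int dfa_match(const char *path, const char *s)
{
    struct stat st;
    const struct dfa_hdr *h = MAP_FAILED;
    int fd = open(path, O_RDONLY), rc = -1;
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && st.st_size >= (off_t)sizeof *h)
        h = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);                              /* the mapping outlives the descriptor */
    if (h == MAP_FAILED) return -1;
    if (h->magic == DFA_MAGIC && h->nstates <= 65535 &&  /* the file is input: */
        (uint64_t)st.st_size == sizeof *h + (uint64_t)h->nstates * 512) { /* check size */
        uint32_t q = 0;
        for (; *s && q < h->nstates; s++)   /* an out-of-range state ends the walk */
            q = ((const uint16_t *)(h + 1))[q * 256 + (unsigned char)*s];
        rc = q < h->nstates && q >= h->accept_lo && q <= h->accept_hi;
    }
    munmap((void *)h, (size_t)st.st_size);
    return rc;
}
```

The lookup side allocates nothing and its pages are file-backed, so the kernel can drop them under memory pressure. The table file must be writable only by the policy builder, since every consumer trusts its transitions.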