On 11/29/05, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Tue, 2005-11-29 at 11:51 -0500, Stephen Smalley wrote:
> > Random thought: As udev only manages devices, why not run file_contexts
> > through a filter to extract /dev entries at policy build time, saving
> > the result as a file_contexts.dev file, and have udev use
> > matchpathcon_init() to select that file for its matching. That would
> > then avoid having to process the entire file contexts configuration for
> > udev.
>
> An unscientific experiment, with a slightly modified matchpathcon util
> that lets me specify the file_contexts path:
>
> $ grep '^/dev' file_contexts > file_contexts.dev
> $ time ./matchpathcon -f file_contexts.dev /dev/ttyS0
> /dev/ttyS0 system_u:object_r:tty_device_t
>
> real 0m0.023s
> user 0m0.012s
> sys 0m0.008s
> $ time ./matchpathcon -f file_contexts /dev/ttyS0
> /dev/ttyS0 system_u:object_r:tty_device_t
>
> real 0m0.216s
> user 0m0.152s
> sys 0m0.064s
>
> Quite the difference, no?
>

Cool.

I take it matchpathcon() is called approx. once per created entry in
/dev, etc. If so, 'du -a /dev | wc' reports about 310 entries on my system.

If so, that would be noticeable. ;)

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
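
A build-time check for the filtering idea in this thread, as an added example that is not part of the original messages or of libselinux: it extracts the /dev entries with the same grep and confirms that the filtered file labels device paths the same way as the full file. Assumptions: the sample file_contexts entries are constructed, and `lookup` is a simplified stand-in for matchpathcon (last matching entry wins, file-type field ignored), not the library's matcher.

```shell
#!/bin/sh
# Constructed sample file_contexts (not taken from any real policy).
write_sample() {
cat > "$1" <<'EOF'
# constructed sample entries
/.*                 system_u:object_r:default_t
/etc/.*             system_u:object_r:etc_t
/dev/.*             system_u:object_r:device_t
/dev/[^/]*tty[^/]*  -c  system_u:object_r:tty_device_t
/dev/null           -c  system_u:object_r:null_device_t
/usr/bin/.*         system_u:object_r:bin_t
EOF
}

# filter_dev FULL OUT: keep only entries whose pattern starts with /dev,
# the same filter used in the thread.
filter_dev() {
  grep '^/dev' "$1" > "$2"
}

# lookup FILE PATH: print the context of the last entry whose anchored
# regex matches PATH (assumed, simplified matching rule); exit 1 if none.
lookup() {
  awk -v p="$2" '
    NF == 0 || $1 ~ /^#/ { next }        # skip blanks and comments
    p ~ ("^" $1 "$")     { ctx = $NF }   # context is the last field
    END { if (ctx != "") print ctx; else exit 1 }
  ' "$1"
}

# same_labels FULL DEV PATH...: fail if any path is labelled differently
# by the filtered file than by the full file.
same_labels() {
  full=$1 dev=$2; shift 2
  for p in "$@"; do
    if [ "$(lookup "$full" "$p")" != "$(lookup "$dev" "$p")" ]; then
      echo "label mismatch for $p" >&2
      return 1
    fi
  done
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp/file_contexts"
filter_dev "$tmp/file_contexts" "$tmp/file_contexts.dev"
same_labels "$tmp/file_contexts" "$tmp/file_contexts.dev" \
  /dev/ttyS0 /dev/null /dev/sda && echo "filtered file agrees with full file"
rm -rf "$tmp"
```

A mismatch here would mean a device path depended on an entry that does not begin with /dev, which the grep filter drops.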