On Wed, 2005-11-30 at 14:24 -0500, Daniel J Walsh wrote: > Sounds like that is probably the udev problem also. The issue is the complete processing of file_contexts by matchpathcon_init() even when the caller is only going to do a single matchpathcon(). That costs us both in regex compilation time and in context validation/canonicalization time (the only change in the latter is that we now read back the canonical context from the kernel; we were already writing the context to the kernel to validate it). As the original user of matchpathcon was setfiles/restorecon, that was reasonable (we wanted the entire configuration). For udev and install, it isn't. Solution is likely to provide a variant of matchpathcon_init() that allows the caller to specify a prefix, and only process file_contexts entries with that prefix. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
