On Wed, 2005-11-30 at 14:52 -0500, Stephen Smalley wrote: > On Wed, 2005-11-30 at 14:24 -0500, Daniel J Walsh wrote: > > Sounds like that is probably the udev problem also. > > The issue is the complete processing of file_contexts by > matchpathcon_init() even when the caller is only going to do a single > matchpathcon(). That costs us both in regex compilation time and in > context validation/canonicalization time (the only change in the latter > is that we now read back the canonical context from the kernel; we were > already writing the context to the kernel to validate it). As the > original user of matchpathcon was setfiles/restorecon, that was > reasonable (we wanted the entire configuration). For udev and install, > it isn't. > > Solution is likely to provide a variant of matchpathcon_init() that > allows the caller to specify a prefix, and only process file_contexts > entries with that prefix. Much of the install slowdown should be addressed by libselinux 1.27.28. We can also potentially improve that further by modifying install to use the new matchpathcon_init_prefix() interface, but some improvement should be immediately evident from the new libselinux. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
