On Mon, 2006-02-06 at 13:15 -0500, Daniel J Walsh wrote:
> How about if we changed the call to
> if ( mode & S_IFBLK ) {
> media = get_media(devname, mode);
> if (media) {
> ret = matchmediacon(media, &scontext);
> free(media);
> }
> }
You already have a test of (mode & S_IFBLK) on entry to get_media, so I
don't see what that buys you. Still limited to ide devices by get_media
only checking /proc/ide. I don't think her concern with the media
support was performance, just generality and use of sysfs. Performance
concern was with selinux_init.
On the performance overhead issue, only real improvement would be to
move all matchpathcon_init+matchpathcon processing into the daemon and
have the daemon pass the required contexts to the event commands on the
command line or via pipe.
--
Stephen Smalley
National Security Agency
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
