Eamon Walsh wrote: > Eric Paris wrote: > >> In one benchmark the X server was found to be extremely slow creating >> windows with selinux running. Part of the reason for this was because >> libselinux called into the kernel /selinux/create interface for every >> object. This patch caches the results of /selinux/create in the >> userspace avc to significantly increase the speed of these types of >> operations. >> >> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> >> >> > > There's some sloppy locking going on in avc_compute_create(), and I > don't think I want the ADD_CREATE command exposed in the header file, > since it's just an internal caching operation, not an external stimuli > like a revoke or reset. But I'll fix these 2 things up myself and push > it tomorrow, along with ajax's socket handoff patches. Thanks for doing > this. > Pushed to libselinux 2.0.79. -- Eamon Walsh <ewalsh@xxxxxxxxxxxxx> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
