[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: restorecond matchpathcon patch
From:       Steve G <linux_4ever () yahoo ! com>
Date:       2007-02-20 16:57:27
Message-ID: 20070220165727.62975.qmail () web51509 ! mail ! yahoo ! com
[Download RAW message or body]


>> IOW, this patch cleans up one problem, but I wonder if the underlying
>> algorithm should be changed to be less of a memory hog.
>
>Possibly the FCGlob work will help address that problem.

Is that restorecond work or libselinux work? The change in algorithm I was
thinking about was in restorecond. IOW, it could cache the correct context for
the handful of files it cares about and use matchpathcon only for the paths that
contain metacharacters. It could monitor for policy reloads and correct its cache
in that event. For what its doing, it consumes a lot of memory as is.

>Calling matchpathcon_fini each time will require re-creation of the
>entire in-memory table from the file contexts configuration on each
>matchpathcon call, so you are trading off runtime performance for memory
>here.

If you want to leave it alone, we should have something like this added to
restorecond.c:

@@ -483,6 +483,7 @@ int main(int argc, char **argv)

        watch_list_free(master_fd);
        close(master_fd);
+       matchpathcon_fini();
        if (pidfile)
                unlink(pidfile);

so that valgrind can spot real memory leaks. Besides matchpathcon, valgrind is
reporting other memory issues.

-Steve


 
____________________________________________________________________________________
Any questions? Get answers on any topic at www.Answers.yahoo.com.  Try it now.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]