I have not used the selabel interface replacement for matchpathcon, that much

I have not used the selabel interface replacement for matchpathcon, that much

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there an equivalent to this?

The question we are getting is can we speed up the execution of
restorecon in boot.

restorecon /etc/resolv.conf

should only search prefix /etc.

Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmxRkoACgkQrlYvE4MpobNXbgCgiSb4G0WbfIEmcJg0Je5gg6kE
qgsAn1pYASksoT1CZg9fK6l/XeND45cJ
=EF7P
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I have not used the selabel interface replacement for matchpathcon, that much

[Stephen Smalley]

On Fri, 2009-03-06 at 10:50 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Is there an equivalent to this?
> 
> The question we are getting is can we speed up the execution of
> restorecon in boot.
> 
> restorecon /etc/resolv.conf
> 
> should only search prefix /etc.

man selabel_file

SELABEL_OPT_SUBSET is the option you want to set in the options
structure for selabel_open(3).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I have not used the selabel interface replacement for matchpathcon, that much

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Fri, 2009-03-06 at 10:50 -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Is there an equivalent to this?
>>
>> The question we are getting is can we speed up the execution of
>> restorecon in boot.
>>
>> restorecon /etc/resolv.conf
>>
>> should only search prefix /etc.
> 
> man selabel_file
> 
> SELABEL_OPT_SUBSET is the option you want to set in the options
> structure for selabel_open(3).
> 
Yes I read the code and found that matchpathcon_init does the
selabel_open under the covers.

int matchpathcon_init_prefix(const char *path, const char *subset)
{
	if (!mycanoncon)
		mycanoncon = default_canoncon;

	options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
	options[SELABEL_OPT_SUBSET].value = subset;
	options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH;
	options[SELABEL_OPT_PATH].value = path;

	hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT);
	return hnd ? 0 : -1;
}


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmxiBIACgkQrlYvE4MpobM1QQCeLDPSkN29rm/39MjcxlPCu9A9
1CUAoIf7W4cW3/Ncw5He1X6qEEipPJC7
=5uhw
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.