From: Steve G <linux_4ever@yahoo.com>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: [PATCH] Lazy config init in libselinux
Date: Mon, 26 Feb 2007 11:08:56 -0800 (PST) [thread overview]
Message-ID: <824347.57110.qm@web51509.mail.yahoo.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 779 bytes --]
Hi,
After running strace a number of times in the other performance patch, I realized
that we are reading a config file in a lot of cases where we don't even use the
results. Example, "ls" opens, reads, and parses /etc/selinux/config and it
doesn't care unless you pass the -Z flag. So...this patch does 2 things. It does
a lazy read of the config file and it moves the check for /etc/security to be a
second class citizen instead of something checked for first. This patch should
make shell scripts run faster.
Signed-off-by: Steve Grubb <linux_4ever@yahoo.com>
____________________________________________________________________________________
Bored stiff? Loosen up...
Download and play hundreds of games for free on Yahoo! Games.
http://games.yahoo.com/games/front
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 2117138420-libselinux-2.0.4-lazy-config.patch --]
[-- Type: text/x-patch; name="libselinux-2.0.4-lazy-config.patch", Size: 3451 bytes --]
diff -urp libselinux-2.0.4.orig/src/selinux_config.c libselinux-2.0.4/src/selinux_config.c
--- libselinux-2.0.4.orig/src/selinux_config.c 2007-02-25 14:52:16.000000000 -0500
+++ libselinux-2.0.4/src/selinux_config.c 2007-02-26 13:32:04.000000000 -0500
@@ -7,6 +7,7 @@
#include <stdlib.h>
#include <limits.h>
#include <unistd.h>
+#include <errno.h>
#include "selinux_internal.h"
#include "get_default_type_internal.h"
@@ -92,6 +93,9 @@ static const uint16_t compat_file_path_i
#undef L2
static int use_compat_file_path;
+static int init_selinux_config_done;
+static int init_selinux_config(void);
+
int selinux_getenforcemode(int *enforce)
{
@@ -144,6 +148,10 @@ static char *selinux_policytype;
int selinux_getpolicytype(char **type)
{
+ if (!init_selinux_config_done) {
+ if (init_selinux_config() < 0)
+ return -1;
+ }
if (!selinux_policytype)
return -1;
*type = strdup(selinux_policytype);
@@ -155,9 +163,8 @@ hidden_def(selinux_getpolicytype)
static char *selinux_policyroot = NULL;
static char *selinux_rootpath = NULL;
-static void init_selinux_config(void) __attribute__ ((constructor));
-static void init_selinux_config(void)
+static int init_selinux_config(void)
{
int i, *intptr;
size_t line_len;
@@ -166,13 +173,7 @@ static void init_selinux_config(void)
FILE *fp;
if (selinux_policyroot)
- return;
- if (access(SELINUXDIR, F_OK) != 0) {
- selinux_policyroot = SECURITYDIR;
- selinux_rootpath = SECURITYDIR;
- use_compat_file_path = 1;
- return;
- }
+ return 0;
selinux_rootpath = SELINUXDIR;
fp = fopen(SELINUXCONFIG, "r");
@@ -192,7 +193,7 @@ static void init_selinux_config(void)
selinux_policytype = type =
strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
if (!type)
- return;
+ return -1;
end = type + strlen(type) - 1;
while ((end > type) &&
(isspace(*end) || iscntrl(*end))) {
@@ -226,16 +227,22 @@ static void init_selinux_config(void)
}
free(line_buf);
fclose(fp);
+ } else if (errno == ENOENT && access(SECURITYDIR, F_OK) == 0) {
+ selinux_policyroot = SECURITYDIR;
+ selinux_rootpath = SECURITYDIR;
+ use_compat_file_path = 1;
+ init_selinux_config_done = 1;
+ return 0;
}
if (!type) {
selinux_policytype = type = strdup(SELINUXDEFAULT);
if (!type)
- return;
+ return -1;
}
if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, type) == -1)
- return;
+ return -1;
for (i = 0; i < NEL; i++)
if (asprintf(&file_paths[i], "%s%s",
@@ -243,8 +250,10 @@ static void init_selinux_config(void)
file_path_suffixes_data.str +
file_path_suffixes_idx[i])
== -1)
- return;
+ return -1;
use_compat_file_path = 0;
+ init_selinux_config_done = 1;
+ return 0;
}
static void fini_selinux_policyroot(void) __attribute__ ((destructor));
@@ -268,6 +277,10 @@ static void fini_selinux_policyroot(void
static const char *get_path(int idx)
{
+ if (!init_selinux_config_done) {
+ if (init_selinux_config() < 0)
+ return NULL;
+ }
if (!use_compat_file_path)
return file_paths[idx];
@@ -283,11 +296,19 @@ hidden_def(selinux_default_type_path)
const char *selinux_policy_root()
{
+ if (!init_selinux_config_done) {
+ if (init_selinux_config() < 0)
+ return NULL;
+ }
return selinux_policyroot;
}
const char *selinux_path()
{
+ if (!init_selinux_config_done) {
+ if (init_selinux_config() < 0)
+ return NULL;
+ }
return selinux_rootpath;
}
next reply other threads:[~2007-02-26 19:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-26 19:08 Steve G [this message]
2007-02-26 19:10 ` [PATCH] Lazy config init in libselinux Stephen Smalley
2007-02-26 20:57 ` Steve G
2007-02-26 21:18 ` Stephen Smalley
2007-02-26 23:21 ` Steve G
2007-02-27 16:05 ` Stephen Smalley
2007-02-27 17:28 ` Steve G
2007-02-27 18:11 ` Stephen Smalley
2007-02-27 20:47 ` Steve G
2007-02-27 21:10 ` Stephen Smalley
2007-02-27 21:29 ` Steve G
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=824347.57110.qm@web51509.mail.yahoo.com \
--to=linux_4ever@yahoo.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.