linux-hotplug.vger.kernel.org archive mirror
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: SE-Linux <selinux@tycho.nsa.gov>,
	Linux Hotplug Dev List
	<linux-hotplug-devel@lists.sourceforge.net>
Subject: server-based system for file context restoration
Date: Wed, 11 Aug 2004 14:25:38 +0000
Message-ID: <20040811142538.GA12278@lkcl.net>

this may sound a little weird, but i believe it to be a possible
solution to the amount of time taken to do an selinux context restore.

the issue is that udev is designed to call out to separate programs
to perform the task of adding new devices.

consequently, optimisations that rely on caching by a single process
(e.g. russell's suggestion to cache the return result of
is_selinux_enabled() and also the caching performed by the
setfilecon() function) are not activated / taken advantage of.

therefore, there needs to be a persistent process around that
performs device creation.

to that end, two possible methods could be used:

1) udevd exec's udev_add which sticks around, and udevd communicates
   to it via a pipe, sending the names of devices to create via
   stdin.

2) similar trick but with setfiles or restorecon instead, this time
   setfiles or restorecon being turned into a "server" which can
   listen on, say, a unix-domain-socket, or via shared memory.

   i hate to suggest the use of udev because udev is not as fast
   as it could be - yet.

   millisecond response time is called for / expected, and udev
   is presently taking like ... one second to start up.

l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />
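
Added example, not part of the original message and not udev or libselinux code: a sketch of the persistent labelling server from option 2, which compiles its context specs once and then answers path lookups over a unix-domain socket, checking the caller's uid with SO_PEERCRED because such a server runs privileged. The spec table, the reply strings and the names `load_specs`, `lookup`, `serve_one` and `query` are assumptions made for illustration; POSIX regexes stand in for the real file_contexts matching.

```c
#define _GNU_SOURCE                 /* struct ucred, SO_PEERCRED (Linux) */
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample specs standing in for a file_contexts file. */
static const struct { const char *re, *ctx; } specs[] = {
    { "^/dev/[sh]d[a-z][0-9]*$", "system_u:object_r:fixed_disk_device_t" },
    { "^/dev/tty[0-9]*$",        "system_u:object_r:tty_device_t" },
    { "^/dev/.*$",               "system_u:object_r:device_t" },
};
#define NSPEC (sizeof specs / sizeof specs[0])
static regex_t rx[NSPEC];
static int compiles;                /* counts the expensive start-up work */

/* Paid once per server process; a per-device exec would repeat it each time. */
static void load_specs(void) {
    for (size_t i = 0; i < NSPEC; i++, compiles++)
        regcomp(&rx[i], specs[i].re, REG_EXTENDED | REG_NOSUB);
}
static const char *lookup(const char *path) {
    for (size_t i = 0; i < NSPEC; i++)          /* simplification: first match wins */
        if (regexec(&rx[i], path, 0, NULL, 0) == 0) return specs[i].ctx;
    return "<<none>>";
}
/* Answer one request; a labelling server is privileged, so check the peer uid. */
static int serve_one(int fd, uid_t allowed) {
    struct ucred pc; socklen_t len = sizeof pc;
    char path[256]; ssize_t n;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &pc, &len) < 0 || pc.uid != allowed)
        return -1;
    if ((n = read(fd, path, sizeof path - 1)) <= 0) return -1;
    path[n] = '\0'; path[strcspn(path, "\n")] = '\0';
    const char *ctx = lookup(path);             /* real server: setfilecon(path, ctx) */
    return write(fd, ctx, strlen(ctx)) < 0 ? -1 : 0;
}
/* In-process client and server over a socketpair, one round trip. */
static const char *query(const char *path, uid_t allowed) {
    static char reply[128]; int sv[2]; ssize_t n = -1;
    if (!compiles) load_specs();                /* server start-up, first call only */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return "denied";
    if (write(sv[0], path, strlen(path)) > 0 && serve_one(sv[1], allowed) == 0)
        n = read(sv[0], reply, sizeof reply - 1);
    close(sv[0]); close(sv[1]);
    if (n < 0) return "denied";
    reply[n] = '\0';
    return reply;
}
int main(void) { puts(query("/dev/sda1", getuid())); return 0; }
```

However many devices are queried, the specs are compiled once per process, which is the saving the message is after.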




Thread overview: 2+ messages
2004-08-11 14:25 Luke Kenneth Casson Leighton [this message]
2004-08-11 14:45 ` server-based system for file context restoration Greg KH