server-based system for file context restoration

server-based system for file context restoration

[Luke Kenneth Casson Leighton]

this may sound a little weird, but i believe it to be a possible
solution to the amount of time taken to do an selinux context restore.

the issue is that udev is designed to call out to separate programs
to perform the task of adding new devices.

consequently, optimisations that rely on cacheing by a single process
(e.g. russell's suggestion to cache the return result of
is_selinux_enabled() and also the cacheing performed by the
setfilecon() function) are not activated / taken advantage of.

therefore, there needs to be a persistent process around that
performs device creation.

to that end, two possible methods could be used:

1) udevd exec's udev_add which sticks around, and udevd communicates
   to it via a pipe, sending the names of devices to create via
   stdin.

2) similar trick but with setfiles or restorecon instead, this time
   setfiles or restorecon being turned into a "server" which can
   listen on, say, a unix-domain-socket, or via shared memory.

   i hate to suggest the use of udev because udev is not as fast
   as it could be - yet.

   millisecond response time is called for / expected, and udev
   is presently taking like ... one second to start up.

l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: server-based system for file context restoration

[Greg KH]

On Wed, Aug 11, 2004 at 03:25:38PM +0100, Luke Kenneth Casson Leighton wrote:
>    millisecond response time is called for / expected, and udev
>    is presently taking like ... one second to start up.

Who is claiming that udev needs such a response time?  It it not "called
for" nor "expected" at all.  At the point in time when a new device is
added to the system, a 1-2 second delay in creating the device node is
completly acceptable.

Now, if you build udev with klibc, and don't have any selinux support in
it, its response time is in the milliseconds.  So that just shows a
problem in the selinux support you are trying to add to it :)

thanks,

greg k-h


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel