On Wed, 2005-11-30 at 14:24 -0500, Daniel J Walsh wrote:
Sounds like that is probably the udev problem also.
The issue is the complete processing of file_contexts by
matchpathcon_init() even when the caller is only going to do a single
matchpathcon(). That costs us both in regex compilation time and in
context validation/canonicalization time (the only change in the latter
is that we now read back the canonical context from the kernel; we were
already writing the context to the kernel to validate it). As the
original user of matchpathcon was setfiles/restorecon, that was
reasonable (we wanted the entire configuration). For udev and install,
it isn't.
Solution is likely to provide a variant of matchpathcon_init() that
allows the caller to specify a prefix, and only process file_contexts
entries with that prefix.
--
Stephen Smalley
National Security Agency