systemd: please stop trying to take over the world :)

Stephen Smalley sds at tycho.nsa.gov
Wed Jun 15 14:11:22 UTC 2011


On Tue, 2011-06-14 at 08:53 -0400, Daniel J Walsh wrote:
> The memory problem is just the sheer number of file context that we are
> loading, each line of the file_context file is a regex. Currently the
> file_context file on my Rawhide machine is 4209 lines. If we can
> determine the only file context that systemd will need, based on
> directories we can eliminate some of the regexes. For example if we
> just loaded paths that begin with /var, /tmp, /dev, we would drop the
> regexes down to 1500.

selabel_close() will free all of the file contexts mapping.
So if you can bracket the usage of the mapping with a
selabel_open();...;selabel_close();, then you'll only be consuming the
memory when using the file contexts mapping.  You don't want to do that
around every file creation / relabel, of course.

-- 
Stephen Smalley
National Security Agency
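
An added illustration of the filtering idea in the quoted message (not code from either poster, systemd or libselinux): it keeps only the file_contexts entries that can match under a chosen set of top-level directories. The sample entries are constructed, and keeping every entry whose first path component contains regex metacharacters is an assumption made so that lookups under the kept directories still see every entry that could match them.

```python
# Added example: estimate how many file_contexts specs survive a directory filter.
META = set(".^$?*+|[({\\")  # regex metacharacters; a component containing one is not literal

# Constructed sample in file_contexts format: regex [file type] context
SAMPLE = r"""
# constructed entries, not taken from a real policy
/.*                        system_u:object_r:default_t:s0
/[^/]+                 --  system_u:object_r:etc_runtime_t:s0
/etc/passwd            --  system_u:object_r:passwd_file_t:s0
/usr/bin(/.*)?             system_u:object_r:bin_t:s0
/var/log(/.*)?             system_u:object_r:var_log_t:s0
/var/run/.*\.pid       --  system_u:object_r:var_run_t:s0
/tmp                   -d  system_u:object_r:tmp_t:s0
/dev/[^/]*             -c  system_u:object_r:device_t:s0
/home/[^/]+            -d  system_u:object_r:user_home_dir_t:s0
"""

def parse_specs(text):
    """Return (regex, file_type, context) tuples; file_type is None when absent."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:
            specs.append((fields[0], None, fields[1]))
        elif len(fields) == 3:
            specs.append(tuple(fields))
        else:
            raise ValueError(f"malformed spec: {line!r}")
    return specs

def first_component(regex):
    """Literal first path component such as '/var', or None if it is a pattern."""
    end = regex.find("/", 1)
    head = regex if end == -1 else regex[:end]
    return None if any(c in META for c in head) else head

def filter_specs(specs, wanted):
    """Keep specs rooted in `wanted`, plus pattern-rooted specs that may match anywhere."""
    kept = []
    for spec in specs:
        head = first_component(spec[0])
        if head is None or head in wanted:
            kept.append(spec)  # original order is preserved
    return kept

if __name__ == "__main__":
    specs = parse_specs(SAMPLE)
    kept = filter_specs(specs, {"/var", "/tmp", "/dev"})
    print(f"{len(kept)} of {len(specs)} specs kept")
```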
