systemd: please stop trying to take over the world :)
sds at tycho.nsa.gov
Wed Jun 15 14:11:22 UTC 2011
On Tue, 2011-06-14 at 08:53 -0400, Daniel J Walsh wrote:
> The memory problem is just the share number of file context that we are
> loading, each line of the file_context file is a regex. Currently the
> file_context file on my Rawhide machine is 4209 lines. If we can
> determine the only file context that systemd will need, based on
> directories we can eliminate some of the regexes. For example if we
> just loaded paths that begin with /var, /tmp, /dev, we would drop the
> regexs down to 1500.
selabel_close() will free all of the file contexts mapping.
So if you can bracket the usage of the mapping with a
selabel_open();...;selabel_close();, then you'll only be consuming the
memory when using the file contexts mapping. You don't want to do that
around every file creation / relabel, of course.
National Security Agency
More information about the devel