systemd: please stop trying to take over the world :)
jakub at redhat.com
Wed Jun 15 15:22:48 UTC 2011
On Wed, Jun 15, 2011 at 11:12:35AM -0400, Daniel J Walsh wrote:
> On 06/15/2011 11:03 AM, Miloslav Trmač wrote:
> > On Wed, Jun 15, 2011 at 4:44 PM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> >> Ways to improve the situation for systemd would include:
> >> - Only load a subset of file_contexts entries, similar to udev.
> >> - Only load the file contexts entries temporarily, using selabel_open +
> >> selabel_close to bracket entire blocks where files are created or
> >> relabeled.
> > - At policy build time, precompute a DFA for all of the regexps, and
> > store it in a file. This file could be mmap()ed into any user of the
> > policy, requiring no malloc(), and allowing the kernel to free the
> > memory when it is no longer used; this should also make loading of the
> > file_contexts configuration faster.
> > Mirek
> I was wondering if this was possible. Any example of how to do it?
At least with glibc regex, that would be terribly unportable and
wouldn't buy much, as regcomp isn't very expensive; the DFA nodes
are created on the fly during regexec as needed.
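
The first two suggestions quoted above (compile only a subset of file_contexts entries, and keep them only for the duration of one labeling operation) can be sketched with plain POSIX regcomp/regexec; this is an added example, not code from the thread, libselinux or systemd. The helper names fc_open and label_once, the two-field entry format, the sample entries and the last-match-wins lookup order are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fc_entry { regex_t re; char ctx[96]; };
/* Constructed sample, simplified to "<regex> <context>" per entry. */
static const char *SAMPLE_FC[] = {
    "/dev(/.*)? system_u:object_r:device_t:s0",
    "/dev/null system_u:object_r:null_device_t:s0",
    "/run(/.*)? system_u:object_r:var_run_t:s0",
    "/usr/bin(/.*)? system_u:object_r:bin_t:s0",
};
#define NLINES (sizeof(SAMPLE_FC) / sizeof(SAMPLE_FC[0]))

/* Compile only the entries whose spec starts with prefix; returns count or -1. */
static int fc_open(struct fc_entry **tab, const char *prefix)
{
    char spec[128], pat[136];
    int n = 0;
    if (!(*tab = calloc(NLINES, sizeof(**tab)))) return -1;
    for (size_t i = 0; i < NLINES; i++) {
        if (strncmp(SAMPLE_FC[i], prefix, strlen(prefix)) != 0) continue; /* not in subset */
        if (sscanf(SAMPLE_FC[i], "%127s %95s", spec, (*tab)[n].ctx) != 2) continue;
        snprintf(pat, sizeof(pat), "^(%s)$", spec);   /* match the whole path */
        if (regcomp(&(*tab)[n].re, pat, REG_EXTENDED | REG_NOSUB) == 0) n++;
    }
    return n;
}

/* Bracket one lookup: compile the subset, match (last entry wins), free it all. */
static int label_once(const char *prefix, const char *path, char *out, size_t len)
{
    struct fc_entry *tab;
    int n = fc_open(&tab, prefix);
    if (n < 0) return -1;
    out[0] = '\0';
    for (int i = n - 1; i >= 0 && !out[0]; i--)
        if (regexec(&tab[i].re, path, 0, NULL, 0) == 0)
            snprintf(out, len, "%s", tab[i].ctx);
    for (int i = 0; i < n; i++) regfree(&tab[i].re);
    free(tab);                       /* no compiled regex stays resident */
    return n;
}

int main(void)
{
    char ctx[96];
    int n = label_once("/dev", "/dev/null", ctx, sizeof(ctx));
    printf("%d entries compiled, /dev/null -> %s\n", n, ctx);
}
```

With the "/dev" prefix only two of the four sample entries are ever passed to regcomp, and a path outside that subset gets no label.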