systemd: please stop trying to take over the world :)
Miloslav Trmač
mitr at volny.cz
Wed Jun 15 15:35:19 UTC 2011
On Wed, Jun 15, 2011 at 5:12 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> On 06/15/2011 11:03 AM, Miloslav Trma? wrote:
>> - At policy build time, precompute a DFA for all of the regexps, and
>> store it in a file. This file could be mmap()ed into any user of the
>> policy, requiring no malloc(), and allowing the kernel to free the
>> memory when it is no longer used; this should also make loading of the
>> file_contexts configuration faster.
>> Mirek
>
> I was wondering if this was possible.
Looking at the output of (semanage fcontext -l), it seems that all
entries could be handled by a DFA. Of course this might mean changing
the documented semantics of the regexp (in particular to forbid
backreferences). The practical question is whether the DFA will be
small enough, I can't really see much reason for a large state
explosion - most of the regexps are very simple.
> Any example of how to do it?
Not really... the idea was prompted by a mention of re2c, but I
suppose you don't want to involve a C compiler in the policy build
process. Still, that's something to start from. (And of course, a
student of automata theory should be able to build this from scratch.
Perhaps a bachelor thesis?)
Mirek
More information about the devel
mailing list