selinux and udev ?
Stephen Smalley
sds at tycho.nsa.gov
Tue Nov 29 18:23:30 UTC 2005
On Tue, 2005-11-29 at 18:56 +0100, Nicolas Mailhot wrote:
> Le mardi 29 novembre 2005 à 11:48 -0500, Stephen Smalley a écrit :
> > On Tue, 2005-11-29 at 08:20 -0800, Tom London wrote:
> > > There are reports in fedora-test about the 2.X policy slowing down
> > > udev. (Appears that folks are comparing booting with selinxux=1 with
> > > selinux=0).
> > >
> > > I have to admit that udev is running slower (targeted/enforcing).
> > >
> > > Any validity to this? Known issue? How to track down?
> >
> > First, check whether you have any avc denials associated with udev in
> > your audit.log.
>
> There are certainly many denials with the new 2.0 policy, including udev
> stuff (at least it was the case a week ago). I've posted 2.0 audit logs
> many times in bugzilla.
I think many of those avc issues have been resolved, although there may
still be lingering ones. I think that the udev slowdown is more likely
matchpathcon / file_contexts issues.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list