On Wed, 2005-11-30 at 14:52 -0500, Stephen Smalley wrote:
On Wed, 2005-11-30 at 14:24 -0500, Daniel J Walsh wrote:
Sounds like that is probably the udev problem also.
The issue is the complete processing of file_contexts by matchpathcon_init() even when the caller is only going to do a single matchpathcon(). That costs us both in regex compilation time and in context validation/canonicalization time (the only change in the latter is that we now read back the canonical context from the kernel; we were already writing the context to the kernel to validate it). As the original user of matchpathcon was setfiles/restorecon, that was reasonable (we wanted the entire configuration). For udev and install, it isn't.
Solution is likely to provide a variant of matchpathcon_init() that allows the caller to specify a prefix, and only process file_contexts entries with that prefix.
Much of the install slowdown should be addressed by libselinux 1.27.28. We can also potentially improve that further by modifying install to use the new matchpathcon_init_prefix() interface, but some improvement should be immediately evident from the new libselinux.