tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_external_selinux/libselinux
History
Stephen Smalley a03f006d7e libselinux: setrans_client: minimize overhead when mcstransd is not present. 
As mcstransd is not installed/running by default, we should not impose
the overhead of trying to connect to it on each operation that takes or
returns a security context string.  Test for the existence of the socket
file on first use, and if the socket file does not exist, then skip the
processing on all subsequent calls.

Previously we had a similar attempt at optimization by checking
whether MLS was enabled, but since the kernel MLS support is enabled
even for -mcs and mcstransd is no longer installed/running by default,
this is not a useful optimization.  Just replace it with the new test.

Compare strace ls -Z /usr/bin |& grep .setrans-unix before and after
this patch to get a sense of the impact.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-20 16:19:20 -04:00
..
include libselinux: Add selabel partial and best match APIs 2015-05-06 11:58:44 -04:00
man libselinux: matchpathcon/selabel_file: Fix man pages. 2015-05-11 09:53:37 -04:00
src libselinux: setrans_client: minimize overhead when mcstransd is not present. 2015-05-20 16:19:20 -04:00
utils libselinux: Ensure selabel_lookup_best_match links NULL terminated 2015-05-18 11:53:25 -04:00
ChangeLog Update libselinux ChangeLog. 2015-05-18 11:54:07 -04:00
LICENSE initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile libselinux: Refactor rpm_execcon() into a new setexecfilecon() 2014-01-06 14:06:03 -05:00
VERSION Bump to final release 2015-02-02 09:38:10 -05:00