[kay.sievers at vrfy.org]

Stephen Smalley sds at tycho.nsa.gov
Tue Feb 7 13:29:25 UTC 2006


On Tue, 2006-02-07 at 02:18 +0100, Kay Sievers wrote:
> The udev event processes, the ones that actually create the device node
> are just clones of the main daemon, they run the same code, the same
> memory as the main daemon, they don't exec() anything. So everything that
> is available in the main daemon before the event process is forked, will
> also be available in the event process itself while it is creating the
> node.
> 
> That's the reason I was asking, cause it sounds like the current selinux
> integration could be optimized. Seems there is no need for any pipe or other
> ipc, if selinux is fine with the inherited state from the daemon.

Yes, in that case, performing the matchpathcon_init_prefix call once in
the main daemon would likely be fine.  

-- 
Stephen Smalley
National Security Agency



