[kay.sievers at vrfy.org]
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 7 14:55:17 UTC 2006
Kay Sievers wrote:
> On Mon, Feb 06, 2006 at 01:35:35PM -0500, Stephen Smalley wrote:
>
>> On Mon, 2006-02-06 at 13:15 -0500, Daniel J Walsh wrote:
>>
>>> How about if we changed the call to
>>> if ( mode & S_IFBLK ) {
>>>     media = get_media(devname, mode);
>>>     if (media) {
>>>         ret = matchmediacon(media, &scontext);
>>>         free(media);
>>>     }
>>> }
>>>
>> You already have a test of (mode & S_IFBLK) on entry to get_media, so I
>> don't see what that buys you. Still limited to ide devices by get_media
>> only checking /proc/ide. I don't think her concern with the media
>> support was performance, just generality and use of sysfs. Performance
>> concern was with selinux_init.
>>
>> On the performance overhead issue, only real improvement would be to
>> move all matchpathcon_init+matchpathcon processing into the daemon and
>> have the daemon pass the required contexts to the event commands on the
>> command line or via pipe.
>>
>
> The udev event processes, the ones that actually create the device node
> are just clones of the main daemon, they run the same code, the same
> memory as the main daemon, they don't exec() anything. So everything that
> is available in the main daemon before the event process is forked, will
> also be available in the event process itself while it is creating the
> node.
>
> That's the reason I was asking, cause it sounds like the current selinux
> integration could be optimized. Seems there is no need for any pipe or other
> ipc, if selinux is fine with the inherited state from the daemon.
>
> Thanks,
> Kay
>
Yes, I think it should work fine.
I think a patch like the following should also be added to udev_selinux.
- media = get_media(devname, mode);
- if (media) {
- ret = matchmediacon(media, &scontext);
- free(media);
+ if ( mode & S_IFBLK ) {
+ media = get_media(devname, mode);
+ if (media) {
+ ret = matchmediacon(media, &scontext);
+ free(media);
+ }
}
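Review bot: the guard `if ( mode & S_IFBLK )` on the first added line is a bitwise AND against a multi-bit file-type value, so it does not test for a block device. On Linux S_IFBLK is 0060000, which shares bits with S_IFCHR (0020000) and S_IFDIR (0040000), so the condition is also true for character devices and directories, and get_media/matchmediacon would still be reached for them. Use `S_ISBLK(mode)` or `(mode & S_IFMT) == S_IFBLK` instead. As pointed out earlier in the thread, get_media already tests the mode on entry, so once that check is correct this outer wrapper is redundant; the same masking problem should be checked there too.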