[libvirt] [PATCH] selinux: Only create the selabel_handle once.

Eric Blake eblake at redhat.com
Wed Jan 23 20:20:48 UTC 2013 

On 01/23/2013 01:12 PM, Richard W.M. Jones wrote:
> From: "Richard W.M. Jones" <rjones at redhat.com>
> 
> According to Eric Paris this is slightly more efficient because it
> only loads the regular expressions in libselinux once.

The idea seems reasonable, but I think the patch deserves a v2 for
implementation reasons.

> ---
>  src/security/security_selinux.c | 20 +++++++++++++-------
>  1 file changed, 13 insertions(+), 7 deletions(-)
> 
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index a3ef728..8b88785 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -935,20 +935,26 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
>      return 0;
>  }
>  
> +#if HAVE_SELINUX_LABEL_H
> +static struct selabel_handle *sehandle = NULL;
> +static virOnceControl sehandleonce = VIR_ONCE_CONTROL_INITIALIZER;

Rather than open-coding this, why not use VIR_ONCE_GLOBAL_INIT()?

> +
> +static void
> +seHandleInit (void)
> +{
> +    sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
> +}

Besides, this function should typically return int rather than void, and
by returning -1 if sehandle is NULL,...

> +#endif
> +
>  /* Set fcon to the appropriate label for path and mode, or return -1.  */
>  static int
>  getContext(const char *newpath, mode_t mode, security_context_t *fcon)
>  {
>  #if HAVE_SELINUX_LABEL_H
> -    struct selabel_handle *handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
> -    int ret;
> -
> -    if (handle == NULL)
> +    if (virOnce(&sehandleonce, seHandleInit) < 0 || sehandle == NULL)

...then you can simplify this code.

>          return -1;
>  
> -    ret = selabel_lookup_raw(handle, fcon, newpath, mode);
> -    selabel_close(handle);
> -    return ret;
> +    return selabel_lookup_raw(sehandle, fcon, newpath, mode);
>  #else
>      return matchpathcon(newpath, mode, fcon);
>  #endif
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130123/ee76dd10/attachment-0001.sig>

More information about the libvir-list mailing list