[libvirt] [PATCH] selinux: Only create the selabel_handle once.
Eric Blake
eblake at redhat.com
Wed Jan 23 20:20:48 UTC 2013
On 01/23/2013 01:12 PM, Richard W.M. Jones wrote:
> From: "Richard W.M. Jones" <rjones at redhat.com>
>
> According to Eric Paris this is slightly more efficient because it
> only loads the regular expressions in libselinux once.
The idea seems reasonable, but I think the patch deserves a v2 for
implementation reasons.
> ---
> src/security/security_selinux.c | 20 +++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index a3ef728..8b88785 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -935,20 +935,26 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
> return 0;
> }
>
> +#if HAVE_SELINUX_LABEL_H
> +static struct selabel_handle *sehandle = NULL;
> +static virOnceControl sehandleonce = VIR_ONCE_CONTROL_INITIALIZER;
Rather than open-coding this, why not use VIR_ONCE_GLOBAL_INIT()?
> +
> +static void
> +seHandleInit (void)
> +{
> + sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
> +}
Besides, this function should typically return int rather than void, and
by returning -1 if sehandle is NULL,...
> +#endif
> +
> /* Set fcon to the appropriate label for path and mode, or return -1. */
> static int
> getContext(const char *newpath, mode_t mode, security_context_t *fcon)
> {
> #if HAVE_SELINUX_LABEL_H
> - struct selabel_handle *handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
> - int ret;
> -
> - if (handle == NULL)
> + if (virOnce(&sehandleonce, seHandleInit) < 0 || sehandle == NULL)
...then you can simplify this code.
> return -1;
>
> - ret = selabel_lookup_raw(handle, fcon, newpath, mode);
> - selabel_close(handle);
> - return ret;
> + return selabel_lookup_raw(sehandle, fcon, newpath, mode);
> #else
> return matchpathcon(newpath, mode, fcon);
> #endif
>
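Review bot: In getContext(), a NULL result from selabel_open() in seHandleInit() becomes permanent, because virOnce() runs the initializer only once and the "sehandle == NULL" check then returns -1 on every later call, whereas the removed code called selabel_open() again on each lookup. The failure is also silent, so it would help to report an error once from the initializer. The hunk also drops selabel_close() without a replacement, so the handle now lives for the life of the process. Please add a comment next to "static struct selabel_handle *sehandle" saying that this is intentional, or close the handle in the driver's cleanup path.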
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org