[libvirt] [PATCH v2] selinux: Only create the selabel_handle once.
Daniel P. Berrange
berrange at redhat.com
Wed Jan 23 21:23:13 UTC 2013
On Wed, Jan 23, 2013 at 08:39:05PM +0000, Richard W.M. Jones wrote:
> On Wed, Jan 23, 2013 at 08:35:13PM +0000, Daniel P. Berrange wrote:
> > On Wed, Jan 23, 2013 at 08:33:55PM +0000, Richard W.M. Jones wrote:
> > > From: "Richard W.M. Jones" <rjones at redhat.com>
> > >
> > > According to Eric Paris this is slightly more efficient because it
> > > only loads the regular expressions in libselinux once.
> > > ---
> > > src/security/security_selinux.c | 24 +++++++++++++++++-------
> > > 1 file changed, 17 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> > > index a3ef728..d4f0595 100644
> > > --- a/src/security/security_selinux.c
> > > +++ b/src/security/security_selinux.c
> > > @@ -935,20 +935,30 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
> > > return 0;
> > > }
> > >
> > > +#if HAVE_SELINUX_LABEL_H
> > > +
> > > +static struct selabel_handle *seLabelHandle = NULL;
> >
> > Same comment as previous version - this should go in the
> > virSecuritySELinuxData struct, not a global variable.
>
> Will do .. Is there some problem with global variables?
As we move to finer grained locking in libvirt, we're increasingly having
one mutex per functional object. In this case the virSecurityManagerPtr
objects. If there are multiple security manager objects then there is no
clarity on locking rules for the global variables which are disassociated
from the rest of the state that is being maintained.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list