selinux/libselinux
Stephen Smalley fec839cf17 libselinux: simplify procattr cache
https://github.com/systemd/systemd/issues/475 identified a problem
in libselinux with using getpid(3) rather than getpid(2) due to direct
use of the clone() system call by systemd.  We could change libselinux
to use getpid(2) instead, but this would impose a getpid(2) system call
overhead on each get*con() or set*con() call.  Rather than do this,
we can instead simplify the procattr cache and get rid of the
caching of the pid and tid entirely, along with the atfork handler.
With commit 3430519109 ("use
/proc/thread-self when available"), we only need the tid when
on Linux < 3.17, so we can just always call gettid() in that case (as
done prior to the procattr cache) and drop the cached tid. The cached
pid and atfork handlers were only needed to reset the cached tid, so
those can also be dropped. The rest of the cached attributes are not
reset by the kernel on fork, only on exec, so we do not need to
flush them upon fork/clone.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-20 12:56:01 -04:00
include libselinux: Add const to selinux_opt for label backends. 2015-07-10 12:30:09 -04:00
man libselinux: Add const to selinux_opt for label backends. 2015-07-10 12:30:09 -04:00
src libselinux: simplify procattr cache 2015-07-20 12:56:01 -04:00
utils libselinux: Fix binary file labels for regexes with metachars 2015-07-06 11:09:12 -04:00
ChangeLog Update libselinux ChangeLog. 2015-07-13 09:23:53 -04:00
LICENSE initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile libselinux: Refactor rpm_execcon() into a new setexecfilecon() 2014-01-06 14:06:03 -05:00
VERSION Bump to final release 2015-02-02 09:38:10 -05:00