Re: large overhead in libmount

From: Daniel J Walsh
Subject: Re: large overhead in libmount
Date: Tue, 07 Apr 2015 07:00:06 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

On 04/07/2015 06:29 AM, Karel Zak wrote:
> On Thu, Apr 02, 2015 at 12:36:33PM +0100, Pádraig Brady wrote:
>>>> $ ldd src/du
>>>> linux-vdso.so.1 =>  (0x00007fff76ca8000)
>>>> libc.so.6 => /lib64/libc.so.6 (0x00007f2a1f742000)
>>>> /lib64/ld-linux-x86-64.so.2 (0x00007f2a1fd61000)
>>>>  libmount.so.1 => /lib64/libmount.so.1 (0x00007f2a1faff000)
>>>>   libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f2a1f501000)
>>>>   libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f2a1f2fc000)
>>>>   libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2a1f0d7000)
>>>>   libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f2a1ee69000)
>>>>   liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f2a1ec44000)
>>>>   libdl.so.2 => /lib64/libdl.so.2 (0x00007f2a1ea40000)
>>>>   libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2a1e823000)
>>> The problem is libselinux, but on a selinux based system you have all the
>>> libraries already in memory for many other tools...
>> Indeed.
>> I see libmount links with libselinux to use selinux_trans_to_raw_context()
>> for the context= mount options etc.
> The ideal solution would be to avoid this selinux context translation
> at all. It would be nice to make it possible to send context= to kernel 
> as specified on command line. Dan, any comment? (dwalsh added to CC:)
> It's also painful that such a generic (often used) library like selinux
> has so many additional dependencies.
This allows the user of an MLS system to execute

mount /dev/sda5 -o context="system_u:object_r:httpd_sys_content_t:TopSecret"

I agree that it is seldom used but it is critical for this customer.
>> I suppose one could split libmount
>> to avoid that dependency, though it's probably not worth it for this case at 
>> least?
> Well, I can create a fallback for this stuff and move the translation code to
> mount(8) only... then libmount will be without the dependence.
>     Karel
Putting this into mount versus libmount would probably be fine.
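
The split discussed in this thread (option handling that does not link libselinux, with the context translation supplied by the caller), as an added sketch that is not libmount or util-linux code. The names `ctx_translate_fn`, `rewrite_context_opts` and `demo_translate` are hypothetical, the TopSecret mapping is constructed, and the sketch goes beyond the thread by also handling `fscontext=`, `defcontext=` and `rootcontext=` and by keeping quoted commas inside a context value.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical hook: the caller supplies the translator (snprintf-style return value),
 * so nothing in this file needs a link-time dependency on libselinux. */
typedef int (*ctx_translate_fn)(const char *human, size_t len, char *raw, size_t rawlen);
/* Length of a leading SELinux context option name ("context=" etc.), or 0 if none. */
static size_t ctx_prefix(const char *opt, size_t len)
{
    static const char *const names[] = { "context=", "fscontext=", "defcontext=", "rootcontext=" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        size_t n = strlen(names[i]);
        if (len > n && strncmp(opt, names[i], n) == 0) return n;
    }
    return 0;
}

/* Copy opts to out, passing context values through fn (NULL = fallback, kept as given). Returns options translated or -1. */
int rewrite_context_opts(const char *opts, ctx_translate_fn fn, char *out, size_t outlen)
{
    size_t used = 0;
    int seen = 0, quoted, w;
    char raw[256];
    if (outlen) out[0] = '\0';
    for (const char *p = opts, *e; *p; p = *e ? e + 1 : e) {
        for (e = p, quoted = 0; *e && (quoted || *e != ','); e++) /* quoted commas stay in the value */
            if (*e == '"') quoted = !quoted;
        size_t len = (size_t)(e - p), n = ctx_prefix(p, len);
        const char *v = p + n;
        size_t vlen = len - n;
        if (!n) {
            w = snprintf(out + used, outlen - used, "%s%.*s", used ? "," : "", (int)len, p);
        } else {
            if (vlen >= 2 && v[0] == '"' && v[vlen - 1] == '"') { v++; vlen -= 2; }
            w = fn ? fn(v, vlen, raw, sizeof(raw)) : snprintf(raw, sizeof(raw), "%.*s", (int)vlen, v);
            if (w < 0 || (size_t)w >= sizeof(raw)) return -1;
            w = snprintf(out + used, outlen - used, "%s%.*s\"%s\"", used ? "," : "", (int)n, p, raw);
            seen++;
        }
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
    }
    return seen;
}

/* Constructed stand-in for the caller's translator: maps the label TopSecret to a made-up raw level. */
int demo_translate(const char *human, size_t len, char *raw, size_t rawlen)
{
    int known = len > 10 && memcmp(human + len - 10, ":TopSecret", 10) == 0;
    return snprintf(raw, rawlen, "%.*s%s", (int)(known ? len - 10 : len), human, known ? ":s15:c0,c5" : "");
}
```

In the arrangement discussed above, the hook passed by mount(8) would wrap selinux_trans_to_raw_context(), and a caller that passes NULL gets the option string back unchanged.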
