Re: large overhead in libmount
From: Daniel J Walsh
Subject: Re: large overhead in libmount
Date: Tue, 07 Apr 2015 07:00:06 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
On 04/07/2015 06:29 AM, Karel Zak wrote:
> On Thu, Apr 02, 2015 at 12:36:33PM +0100, Pádraig Brady wrote:
>>>> $ ldd src/du
>>>> linux-vdso.so.1 => (0x00007fff76ca8000)
>>>> libc.so.6 => /lib64/libc.so.6 (0x00007f2a1f742000)
>>>> /lib64/ld-linux-x86-64.so.2 (0x00007f2a1fd61000)
>>>> libmount.so.1 => /lib64/libmount.so.1 (0x00007f2a1faff000)
>>>> libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f2a1f501000)
>>>> libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f2a1f2fc000)
>>>> libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2a1f0d7000)
>>>> libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f2a1ee69000)
>>>> liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f2a1ec44000)
>>>> libdl.so.2 => /lib64/libdl.so.2 (0x00007f2a1ea40000)
>>>> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2a1e823000)
>>> The problem is libselinux, but on selinux based system you have all the
>>> libraries already in memory for many other tools...
>> Indeed.
>>
>> I see libmount links with libselinux to use selinux_trans_to_raw_context()
>> for the context= mount options etc.
> The ideal solution would be to avoid this selinux context translation
> at all. It would be nice to make it possible to send context= to kernel
> as specified on command line. Dan, any comment? (dwalsh added to CC:)
>
> It's also painful that such a generic (often used) library like selinux
> has so many additional dependencies.
This allows the user of an MLS system to execute
mount /dev/sda5 -o context="system_u:object_r:httpd_sys_content_t:TopSecret"
I agree that it is seldom used but it is critical for this customer.
>> I suppose one could split libmount
>> to avoid that dependency, though it's probably not worth it for this case at
>> least?
> Well, I can create a fallback for this stuff and move the translation code to
> mount(8) only... then libmount will be without the dependence.
>
> Karel
>
Putting this into mount versus libmount would probably be fine.
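
The translation step discussed in this thread, as an added example (not code from libmount, mount(8) or any poster here): a mount option string is rewritten through a pluggable translator, and a NULL translator is the pass-through fallback. `rewrite_context_opts`, `ctx_translate_fn` and `demo_translate` are hypothetical names, and the TopSecret mapping is constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns a malloc'd raw context, or NULL on failure. In libmount this
 * role is filled by libselinux's selinux_trans_to_raw_context(). */
typedef char *(*ctx_translate_fn)(const char *ctx);
/* Constructed stand-in translator: the TopSecret -> s15:c0.c1023 mapping
 * is sample data, not taken from a real mcstrans configuration. */
char *demo_translate(const char *ctx)
{
    static const char label[] = "TopSecret", raw[] = "s15:c0.c1023";
    size_t n = strlen(ctx), l = sizeof(label) - 1;
    int hit = n >= l && strcmp(ctx + n - l, label) == 0;
    char *out = malloc(n + sizeof(raw));
    if (out) sprintf(out, "%.*s%s", (int)(hit ? n - l : n), ctx, hit ? raw : "");
    return out;
}

/* Rewrite the value of every option whose name ends in "context". With
 * translate == NULL options pass through as typed; a failed translation
 * returns NULL instead of handing an untranslated label on. Caller frees. */
char *rewrite_context_opts(const char *opts, ctx_translate_fn translate)
{
    char *out = calloc(1, 1);
    while (out && *opts) {
        const char *end = opts, *eq;        /* option ends at an unquoted ',' */
        for (int q = 0; *end && (q || *end != ','); end++)
            if (*end == '"') q = !q;
        eq = memchr(opts, '=', (size_t)(end - opts));
        size_t cur = strlen(out), olen = (size_t)(end - opts);
        char *val = NULL, *raw = NULL, *grown = NULL;
        int ctx = translate && eq && eq - opts >= 7 && !strncmp(eq - 7, "context", 7);
        if (ctx) {                          /* strip optional quotes, translate */
            const char *v = eq + 1, *ve = end;
            if (ve - v >= 2 && *v == '"' && ve[-1] == '"') { v++; ve--; }
            val = malloc((size_t)(ve - v) + 1);
            if (val) sprintf(val, "%.*s", (int)(ve - v), v);
            raw = val ? translate(val) : NULL;
        }
        if (!ctx || raw) grown = realloc(out, cur + olen + (raw ? strlen(raw) : 0) + 4);
        if (!grown) { free(out); out = NULL; }
        else if (raw) sprintf((out = grown) + cur, "%.*s=\"%s\"", (int)(eq - opts), opts, raw);
        else sprintf((out = grown) + cur, "%.*s", (int)olen, opts);
        if (out && *end) strcat(out, ",");
        free(val); free(raw);
        opts = *end ? end + 1 : end;
    }
    return out;
}
```

The translated value is re-quoted on output because MLS category lists can contain commas, which would otherwise be read as option separators.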