
RE: file contexts and modularity


The more I think about this, the more it seems to me that:

1) Expansions are important, and not to be considered a hack - 
they're our only way to create configurable locations,
which we need, since users don't like to comply with our
standard locations. Expansions don't necessarily relate to home
directories, as I've pointed out.

2) We need a generic mechanism for installing
such expansions, and checking those...

3) Performing expansion of template in matchpathcon seems 
fundamentally wrong to me. The expansion would be performed 
on every invocation, and that would be slow, and unnecessary -
if it's already computed, why not use it? 

4) A context file for each user? Hmm...
500 users...500 files...concat those together?
A large context file with all the users in it doesn't
seem a whole lot better.

[root@celtics files]# cat file_contexts|wc
   2384    6045  102497

[root@celtics files]# cat file_contexts.homedirs|grep root|wc
     47     118    2755

So... say we have a machine with 500 users.
500 * 47 = 23500 lines, or 10 times the size of the current
file_contexts file, which takes forever to read (that's
why install is so slow, right?)

I don't think the current file_contexts approach scales too
well with lots of users...

