2010/12/1 Eric Blake <eblake@redhat.com>:
* src/security/security_selinux.c (SELinuxRestoreSecurityFileLabel): Use selabel_lookup instead of matchpathcon. Suggested by Daniel Walsh. ---
Makes the huge difference that I originally thought I'd get with patch 5/n earlier in the series. Beforehand, when trying to start a single kvm guest then stopping libvirtd, valgrind reports:
==5584== LEAK SUMMARY: ==5584== definitely lost: 372 bytes in 13 blocks ==5584== indirectly lost: 0 bytes in 0 blocks ==5584== possibly lost: 349 bytes in 18 blocks
after, it reports:
==7803== LEAK SUMMARY: ==7803== definitely lost: 412 bytes in 14 blocks ==7803== indirectly lost: 839,126 bytes in 11,265 blocks ==7803== possibly lost: 349 bytes in 18 blocks
Obviously, I still haven't plugged everything, but this works around the fact that libselinux used __thread incorrectly for matchpathcon() caching.
src/security/security_selinux.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-)
ACK. Matthias