Re: [libvirt] [PATCH 8/n] selinux: avoid memory overhead of matchpathcon

* src/security/security_selinux.c (SELinuxRestoreSecurityFileLabel): Use selabel_lookup instead of matchpathcon. Suggested by Daniel Walsh. --- Makes the huge difference that I originally thought I'd get with patch 5/n earlier in the series.  Beforehand, when trying to start a single kvm guest then stopping libvirtd, valgrind reports: ==5584== LEAK SUMMARY: ==5584==    definitely lost: 372 bytes in 13 blocks ==5584==    indirectly lost: 0 bytes in 0 blocks ==5584==      possibly lost: 349 bytes in 18 blocks after, it reports: ==7803== LEAK SUMMARY: ==7803==    definitely lost: 412 bytes in 14 blocks ==7803==    indirectly lost: 839,126 bytes in 11,265 blocks ==7803==      possibly lost: 349 bytes in 18 blocks Obviously, I still haven't plugged everything, but this works around the fact that libselinux used __thread incorrectly for matchpathcon() caching.  src/security/security_selinux.c |   12 ++++++++----  1 files changed, 8 insertions(+), 4 deletions(-)