It's been reported that labelling via restorecon_recursive /sys/kernel/debug is taking 0.25s on a device. I wanted to verify a thought:
It looks like genfscon per file labeling is supported by selinux (like procfs), on linux master branch, I see: selinux_set_mnt_opts(): <snip> 815 if (!strcmp(sb->s_type->name, "debugfs") || 816 !strcmp(sb->s_type->name, "sysfs") || 817 !strcmp(sb->s_type->name, "pstore")) 818 sbsec->flags |= SE_SBGENFS; <snip> Would using genfscon statements and removing the restorecon_recursive be faster since it avoids the tree walk? Any caveats, issues one can think of? Bill
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
