SE-DBUS bug fix

Matthew Rickard mjricka at epoch.ncsc.mil
Thu Jul 29 12:14:00 PDT 2004


On Thu, 2004-07-29 at 14:47, Havoc Pennington wrote:
> > Also, if desired we could start a thread to monitor for netlink events
> > from the kernel signaling enforcing mode and policy reload changes. 
> > Currently in the single-threaded mode the AVC will check for new
> > messages at the start of each permission check (more info on this is in
> > the avc_init man page).  If this is something we want to do let me know
> > and I'll send the patch.
> 
> What are the tradeoffs? (e.g. does the thread make permission checks
> faster, or ... ?)

>From avc_init(3):
In the default single-threaded mode, the userspace AVC checks  for  new
netlink  messages  at the start of each permission query.  If threading
and locking callbacks are  passed  to  avc_init  however,  a  dedicated
thread  will  be  started  to  listen  on the netlink socket.  This may
increase performance and will ensure that log  messages  are  generated
immediately rather than at the time of the next permission query.

So based on that the advantage goes to the threaded mode.  But of course
the difference is pretty small.  I haven't had a chance to look at any
of the D-BUS specific threading stuff in dbus-thread.c.  Would this
apply here or would we just use pthreads (or just stick to single
threaded mode)?

Matt


More information about the dbus mailing list