[systemd-devel] SELinux support takes up ~15MB of memory?

Lennart Poettering lennart at poettering.net
Thu Jan 6 16:28:13 PST 2011


On Sat, 04.12.10 22:57, Ran Benita (ran234 at gmail.com) wrote:

> The culprit seems to be selabel_lookup_raw which gets called by
> several functions in label.c (mostly label_mkdir and label_fix).
> These, in turn, seem to compile a great amount of regexes and store
> them in an array in an selabel_handle struct. systemd keeps around
> one called label_hnd (in label.c) in a static global variable for the
> duration of the program.
> This is what I observed from reading label.c in systemd, label_file.c
> in libselinux, and some gdb. But I may have got it completely wrong;
> it seems to keep the entire policy in memory, or something of the
> sort, but I really don't know how it's _supposed_ to work.

This big blob is the policy data. It is loaded the first time we have to
label something and then stays in memory.

The data must be accessible at runtime, hence the only real improvement
we could do here is if libselinux would be able to share the loaded
policy in some way, using mmap. But maybe they are already doing this.

Anyway, I think this needs to be optimized more in libselinux than in
systemd, so I'd encourage you to ping the selinux folks about this!

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
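
Added example, not code from systemd or libselinux: a small Python model of the pattern discussed in this thread, where a labeling handle compiles every path regex when it is first opened and is then kept in a process-wide global. tracemalloc shows how much the open handle holds and how much closing it gives back. The spec lines, the names (LabelHandle, label_lookup, label_finish) and the first-match lookup order are assumptions made for illustration.

```python
import re
import tracemalloc

def constructed_specs(n):
    """Constructed file_contexts-style lines: <path regex> <context>."""
    lines = [f"/srv/app{i}(/.*)?\tsystem_u:object_r:app{i}_t:s0" for i in range(n)]
    lines.append("/.*\tsystem_u:object_r:default_t:s0")  # catch-all, listed last
    return "\n".join(lines)

class LabelHandle:
    """Toy stand-in for a labeling handle: every spec regex is compiled up front."""
    def __init__(self, text):
        self.specs = []
        for line in text.splitlines():
            fields = line.split()
            if fields and not fields[0].startswith("#"):
                self.specs.append((re.compile(fields[0]), fields[-1]))

    def lookup(self, path):
        # Simplified assumption: first full match in listed order wins.
        for regex, context in self.specs:
            if regex.fullmatch(path):
                return context
        return None

    def close(self):
        self.specs.clear()

_label_hnd = None  # process-lifetime global, modelled on the label_hnd described above

def label_lookup(path, text):
    """Open the handle on first use, then keep it for all later lookups."""
    global _label_hnd
    if _label_hnd is None:
        _label_hnd = LabelHandle(text)
    return _label_hnd.lookup(path)

def label_finish():
    """Hypothetical teardown: drop the handle once labeling work is done."""
    global _label_hnd
    if _label_hnd is not None:
        _label_hnd.close()
        _label_hnd = None
    re.purge()  # also drop Python's own compiled-pattern cache

def measure(n=2000):
    """Return (context, bytes held while open, bytes released by closing)."""
    text = constructed_specs(n)
    tracemalloc.start()
    base = tracemalloc.get_traced_memory()[0]
    context = label_lookup("/srv/app7/data/x", text)
    held = tracemalloc.get_traced_memory()[0] - base
    label_finish()
    released = held - (tracemalloc.get_traced_memory()[0] - base)
    tracemalloc.stop()
    return context, held, released
```

Calling `measure()` with a larger `n` shows the held figure growing with the number of specs, which is the cost a long-running process pays for keeping the handle open after its last lookup.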

