SE-DBUS bug fix
mjricka at epoch.ncsc.mil
Thu Jul 29 12:14:00 PDT 2004
On Thu, 2004-07-29 at 14:47, Havoc Pennington wrote:
> > Also, if desired we could start a thread to monitor for netlink events
> > from the kernel signaling enforcing mode and policy reload changes.
> > Currently in the single-threaded mode the AVC will check for new
> > messages at the start of each permission check (more info on this is in
> > the avc_init man page). If this is something we want to do let me know
> > and I'll send the patch.
> What are the tradeoffs? (e.g. does the thread make permission checks
> faster, or ... ?)
In the default single-threaded mode, the userspace AVC checks for new
netlink messages at the start of each permission query. If threading
and locking callbacks are passed to avc_init however, a dedicated
thread will be started to listen on the netlink socket. This may
increase performance and will ensure that log messages are generated
immediately rather than at the time of the next permission query.
So based on that the advantage goes to the threaded mode. But of course
the difference is pretty small. I haven't had a chance to look at any
of the D-BUS specific threading stuff in dbus-thread.c. Would this
apply here or would we just use pthreads (or just stick to single
More information about the dbus