* [PATCH] libsemanage: improve performance of semanage store rebuild
From: Petr Lautrbach @ 2025-02-25 7:55 UTC
To: selinux; +Cc: Petr Lautrbach
Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing
restorecon") added reopening selabel handle every time semanage_setfiles() is
called. It means that during `semodule -B`, `selabel_close()` and
`selabel_open()` could be called more than 1800x, which could have a
significant performance impact.

It should be enough to reopen selabel handle just after semanage commit
when changes are applied.

Before 9d107ab77ba4:
semodule -B 5.84s user 0.52s system 96% cpu 6.585 total

After 9d107ab77ba4:
semodule -B 11.15s user 0.64s system 98% cpu 11.952 total

With this patch:
semodule -B 5.51s user 0.41s system 98% cpu 6.014 total

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
libsemanage/src/semanage_store.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index cf9aa809b7f8..307f27f9838b 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
struct stat buf;
+ struct selabel_handle *sehandle;
/* update the commit number */
if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
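Review bot: the `sehandle` local declared at the top of semanage_commit_sandbox() is only a pass-through from one call to the next in the cleanup path, so as written the declaration adds nothing. Either drop it and write `selinux_restorecon_set_sehandle(selinux_restorecon_default_handle());`, or keep it and test it before use so that a failed open is logged instead of being handed on unchecked.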
@@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
cleanup:
semanage_release_active_lock(sh);
+ sehandle = selinux_restorecon_default_handle();
+ selinux_restorecon_set_sehandle(sehandle);
return retval;
}
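Review bot: putting the handle refresh under `cleanup:` makes it run on every exit from semanage_commit_sandbox(), failed commits included, and only after semanage_release_active_lock(sh), while the commit message asks for it "just after semanage commit when changes are applied". Consider guarding the two added lines with a check on retval, moving them ahead of the lock release if the new file contexts are meant to be read while the active lock is still held, and adding a one-line comment that says why the handle is reopened at this point.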
@@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
void semanage_setfiles(semanage_handle_t * sh, const char *path){
struct stat sb;
int fd;
- struct selabel_handle *sehandle;
union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
union selinux_callback cb = { .func_log = log_callback_mute };
- sehandle = selinux_restorecon_default_handle();
- selinux_restorecon_set_sehandle(sehandle);
-
/* Mute all logs */
selinux_set_callback(SELINUX_CB_LOG, cb);
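Review bot: with the reopen removed, semanage_setfiles() silently depends on a restorecon handle that is set elsewhere, and nothing in the function documents that. Any call that runs before the `cleanup:` path of semanage_commit_sandbox() in the same process will label with whatever handle was set earlier, so please add a comment at the top of semanage_setfiles() naming that dependency and confirm that the case 9d107ab77ba4 was written for ("Set new restorecon handle before doing restorecon") is still covered by the single reopen.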
--
2.48.1
* Re: [PATCH] libsemanage: improve performance of semanage store rebuild
From: Jason Zaman @ 2025-02-26 16:27 UTC
To: Petr Lautrbach; +Cc: selinux
On Tue, Feb 25, 2025 at 08:55:23AM +0100, Petr Lautrbach wrote:
> Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing
> restorecon") added reopening selabel handle every time semanage_setfiles() is
> called. It means that during `semodule -B`, `selabel_close()` and
> `selabel_open()` could be called more than 1800x, which could have a
> significant performance impact.
>
> It should be enough to reopen selabel handle just after semanage commit
> when changes are applied.
>
> Before 9d107ab77ba4:
> semodule -B 5.84s user 0.52s system 96% cpu 6.585 total
>
> After 9d107ab77ba4:
> semodule -B 11.15s user 0.64s system 98% cpu 11.952 total
>
> With this patch:
> semodule -B 5.51s user 0.41s system 98% cpu 6.014 total
>
> Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: Jason Zaman <jason@perfinion.com>
> ---
> libsemanage/src/semanage_store.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
> index cf9aa809b7f8..307f27f9838b 100644
> --- a/libsemanage/src/semanage_store.c
> +++ b/libsemanage/src/semanage_store.c
> @@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
> semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
> const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
> struct stat buf;
> + struct selabel_handle *sehandle;
>
> /* update the commit number */
> if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
> @@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
>
> cleanup:
> semanage_release_active_lock(sh);
> + sehandle = selinux_restorecon_default_handle();
> + selinux_restorecon_set_sehandle(sehandle);
> return retval;
> }
>
> @@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
> void semanage_setfiles(semanage_handle_t * sh, const char *path){
> struct stat sb;
> int fd;
> - struct selabel_handle *sehandle;
>
> union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
> union selinux_callback cb = { .func_log = log_callback_mute };
>
> - sehandle = selinux_restorecon_default_handle();
> - selinux_restorecon_set_sehandle(sehandle);
> -
> /* Mute all logs */
> selinux_set_callback(SELINUX_CB_LOG, cb);
>
> --
> 2.48.1
>
>
* Re: [PATCH] libsemanage: improve performance of semanage store rebuild
From: Petr Lautrbach @ 2025-03-03 18:06 UTC
To: selinux, Jason Zaman
Jason Zaman <jason@perfinion.com> writes:
> On Tue, Feb 25, 2025 at 08:55:23AM +0100, Petr Lautrbach wrote:
>> Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing
>> restorecon") added reopening selabel handle every time semanage_setfiles() is
>> called. It means that during `semodule -B`, `selabel_close()` and
>> `selabel_open()` could be called more than 1800x, which could have a
>> significant performance impact.
>>
>> It should be enough to reopen selabel handle just after semanage commit
>> when changes are applied.
>>
>> Before 9d107ab77ba4:
>> semodule -B 5.84s user 0.52s system 96% cpu 6.585 total
>>
>> After 9d107ab77ba4:
>> semodule -B 11.15s user 0.64s system 98% cpu 11.952 total
>>
>> With this patch:
>> semodule -B 5.51s user 0.41s system 98% cpu 6.014 total
>>
>> Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
> Acked-by: Jason Zaman <jason@perfinion.com>
Merged.
>> ---
>> libsemanage/src/semanage_store.c | 7 +++----
>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>
>> diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
>> index cf9aa809b7f8..307f27f9838b 100644
>> --- a/libsemanage/src/semanage_store.c
>> +++ b/libsemanage/src/semanage_store.c
>> @@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
>> semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
>> const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
>> struct stat buf;
>> + struct selabel_handle *sehandle;
>>
>> /* update the commit number */
>> if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
>> @@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
>>
>> cleanup:
>> semanage_release_active_lock(sh);
>> + sehandle = selinux_restorecon_default_handle();
>> + selinux_restorecon_set_sehandle(sehandle);
>> return retval;
>> }
>>
>> @@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
>> void semanage_setfiles(semanage_handle_t * sh, const char *path){
>> struct stat sb;
>> int fd;
>> - struct selabel_handle *sehandle;
>>
>> union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
>> union selinux_callback cb = { .func_log = log_callback_mute };
>>
>> - sehandle = selinux_restorecon_default_handle();
>> - selinux_restorecon_set_sehandle(sehandle);
>> -
>> /* Mute all logs */
>> selinux_set_callback(SELINUX_CB_LOG, cb);
>>
>> --
>> 2.48.1
>>
>>