From: Jason Zaman <jason@perfinion.com>
To: Petr Lautrbach <lautrbach@redhat.com>
Cc: selinux@vger.kernel.org
Subject: Re: [PATCH] libsemanage: improve performance of semanage store rebuild
Date: Wed, 26 Feb 2025 08:27:35 -0800 [thread overview]
Message-ID: <Z79A97uBFd_6RTFz@anduin.perfinion.com> (raw)
In-Reply-To: <20250225075555.16136-1-lautrbach@redhat.com>
On Tue, Feb 25, 2025 at 08:55:23AM +0100, Petr Lautrbach wrote:
> Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing restorecon
> ") added reopeniong selabel handle every time semanage_setfiles() is
> called. It means that during `semodule -B`, `selabel_close()` and
> `selabel_open()` could be called more than 1800x what could have a
> significant performance impact.
>
> It should be enough to reopen selabel handle just after semanage commit
> when changes are applied.
>
> Before 9d107ab77ba4:
> semodule -B 5.84s user 0.52s system 96% cpu 6.585 total
>
> After 9d107ab77ba4:
> semodule -B 11.15s user 0.64s system 98% cpu 11.952 total
>
> With this patch:
> semodule -B 5.51s user 0.41s system 98% cpu 6.014 total
>
> Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: Jason Zaman <jason@perfinion.com>
> ---
> libsemanage/src/semanage_store.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
> index cf9aa809b7f8..307f27f9838b 100644
> --- a/libsemanage/src/semanage_store.c
> +++ b/libsemanage/src/semanage_store.c
> @@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
> semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
> const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
> struct stat buf;
> + struct selabel_handle *sehandle;
>
> /* update the commit number */
> if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
> @@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
>
> cleanup:
> semanage_release_active_lock(sh);
> + sehandle = selinux_restorecon_default_handle();
> + selinux_restorecon_set_sehandle(sehandle);
> return retval;
> }
>
> @@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
> void semanage_setfiles(semanage_handle_t * sh, const char *path){
> struct stat sb;
> int fd;
> - struct selabel_handle *sehandle;
>
> union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
> union selinux_callback cb = { .func_log = log_callback_mute };
>
> - sehandle = selinux_restorecon_default_handle();
> - selinux_restorecon_set_sehandle(sehandle);
> -
> /* Mute all logs */
> selinux_set_callback(SELINUX_CB_LOG, cb);
>
> --
> 2.48.1
>
>
next prev parent reply other threads:[~2025-02-26 16:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 7:55 [PATCH] libsemanage: improve performance of semanage store rebuild Petr Lautrbach
2025-02-26 16:27 ` Jason Zaman [this message]
2025-03-03 18:06 ` Petr Lautrbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z79A97uBFd_6RTFz@anduin.perfinion.com \
--to=jason@perfinion.com \
--cc=lautrbach@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.