On Mon, 2007-01-22 at 12:49 -0500, Gene Heskett wrote:
> On Monday 22 January 2007 10:13, Stephen Smalley wrote:
> >On Sun, 2007-01-21 at 17:11 -0500, Gene Heskett wrote:
> >> On Sunday 21 January 2007 14:36, Lyvim Xaphir wrote:
> >> >On Sun, 2007-01-21 at 01:14 -0500, R. G. Newbury wrote:
> >> >> David Boles wrote:
> >>
> >> [and I snipped, we have enough trolls under this bridge already]
> >>
> >> Also, to add a bit of fuel to the fire, I just rebuilt my 2.6.20-rc4
> >> again after having found some more selinux stuff in the previous build
> >> that I am now running without.
> >>
> >> 1: Now my logs are clean again.
> >>
> >> 2: It took me 27 minutes to build that selinux free kernel. Now check
> >> this, after having added quite a few usb network related modules as
> >> I'm trying to get into a wap11 via the usb port, which will allow me
> >> to do a reset to factory, something I cannot do from the snmp
> >> interface because that interface requires the old password, something
> >> I've forgotten in the 8 months since I last used this device.
> >>
> >> #> time ./makeit
> >> [snip about 200k of make output]
> >> All done! Edit grub.conf, reboot and chose your kernel at the grub
> >> prompt
> >>
> >> real 8m42.183s
> >> user 4m21.606s
> >> sys 1m11.805s
> >> [root@coyote linux-2.6.20-rc4]#
> >>
> >> Now, I could have done something to speed this system up that's not
> >> related to selinux, but the only things I've done is to rip out the
> >> livna versions of mplayer and mplayerplugin with --nodeps, and put
> >> them back in from dries before they were missed, and then restart
> >> firefox from its own file menu pulldown, (normal quits and re-runs
> >> didn't seem to do it) and now both foxnews and cnn videos now play,
> >> although cnn's videos act like the server is in need of quite a bit
> >> more iron in its diet.
> >>
> >> Now, somebody, preferably Dr. Smalley, please explain to me why I
> >> should run something that takes a 9 minute compile and makes it take
> >> 27 minutes to do it. And the rest of the system just plain feels
> >> snappier.
> >
> >(1) I'm not a PhD.
>
> Oh, I guess I was echoing someone else who made that assumption.
>
> >(2) If SELinux tripled your kernel compile time, then something is
> >terribly wrong with it. I've never seen that kind of overhead in kernel
> >compile benchmarks, not even close. More like a few percent. Please
> >verify that you are using comparable baselines (e.g. same kernel other
> >than selinux options in .config)
>
> The first version of this kernel, 2.6.20-rc4, was a clean build, but
> apparently with pretty close to an allyes config, and no idea how that
> happened. That took 37 minutes on an XP2800 Athlon with a gig of ram.
> The next build, I had gone about halfway down the make xconfig menu
> canceling stuff I knew I didn't need or my mobo didn't support. That
> took 33 minutes to build.
>
> The third time I'd gone through it specifically looking for selinux related
> stuff and turning it off. It was at that point my logs started being
> flooded with those messages I posted, but I found that one of the selinux
> related things in services was still being run so I stopped that and the
> messages went away. That was audit probably but don't make me lay a
> hand on the good book when I say it, too much is going on. There was a
> concurrent edit to the crond script in /etc/pam.d also. That build took
> 27 minutes.
>
> Then the 4th time I was trying to get access to a wap11 through its usb
> port so I could reset the password and a few other things & maybe put it
> back to use. So that build actually built more modules than the 3rd one,
> (BTW, that didn't work, and no one answered my question about it here on
> this list. I still had to plug it into my lappy and run the winderz crap
> to do that. Gives me the hives.)
>
> This is the build that took a bit less than 9 minutes. To me the major
> diff there is that this was the first kernel built with a kernel built
> without as much selinux as I could turn off, and rebooted to with
> an 'selinux=0' as an additional argument in the grub kernel command line.
>
> >and tests (are you sure your second
> >build was from a clean state, and was there any other system activity
> >ongoing during either build?). Can you reproduce the result reliably?
>
> I believe I could reboot to 2.6.20-rc3, start all the stopped services
> and then rebuild this kernel I suppose. Seems like a waste of time
> though. As for 'system activity', fetchmail, procmail, spamassassin
> were all running, and I may have had a session of patience (solitaire)
> running, or browsing the web. Or all of the above, linux does multitask
> you know. :)
>
> I am using ccache though, and its du -b indicates it's using about 1.5GB.
> My makeit script does a make clean at the top of it. It does everything
> but edit grub.conf for me, and maintains the old kernel and initrd
> & /lib/modules/$VER in a state that a foobar fix is a matter of deleting
> the new stuff and renaming the old to its original names.

Sounds more like ccache sped up your build than anything selinux related.

--
Stephen Smalley
National Security Agency