Re: SASL slow when selinux enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 10, 2012 at 05:44:58PM -0600, Matthew B. Brookover wrote:
> It seems that sasl_server_start() takes 0.17 seconds to run with selinux
> is disabled and takes 1.28 seconds to run when selinux is enabled.
[snip]
> Some more details, the test system is running CentOS 6.3, which came
> with Cyrus SASL 2.1.23 and MIT Kerberos 1.9 libraries.  I first noticed
> the problem with OpenLDAP 2.4.28.  I have since compiled SASL 2.1.25 and
> confirmed the problem using the sample client and sample server.

We have a local patch that we apply to try to keep replay caches (well,
anything libkrb5 creates) labeled correctly for SELinux.  Up through
6.2, the patch didn't cover the case of replay caches when they were
being flushed, and we fixed that for 6.3.  It turned out that fixing
that came with a pretty big speed hit.  We're tracking this as #845125
and #846472 in our bugzilla [1] and are working on an update.

HTH,

Nalin

[1] http://bugzilla.redhat.com/845125, http://bugzilla.redhat.com/846472


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux