coreutils-5.93-4
libsepol-1.9.41-1
libsemanage-1.3.59-1
libsetrans-0.1.8-1
Not sure if this is a coreutils bug or an selinux bug. Recently, I noticed
that a 'make install' that called /usr/bin/install ran *very* slowly:
% time cp hello.c /tmp/hello.c
real 0m0.040s
user 0m0.008s
sys 0m0.016s
% time /usr/bin/install -c -m 644 hello.c /tmp/hello.c
real 0m4.641s
user 0m1.608s
sys 0m0.388s
Literally 100 times slower. Gaak.
A bit of playing with strace showed why:
strace install -c -m 644 hello.c /tmp/hello.c
7,745 system calls. Of those, only 297 were *not* part of the 1,862 times
that 'install' did an open/write/read/close of /selinux/context (1,862 x 4 =
7,448 calls) - once for every single file context type it found, whether or
not it had anything to do with the file that was actually being installed.
This is a show-stopper, guys - when something like this bloats a 'make install'
from something that takes 2 minutes into something that you don't bother checking
until you get back from lunch, it *will* add dramatically to the "security takes
waaaay too much resources" bandwagon.
Almost-full strace follows.
execve("/usr/bin/install", ["install", "-c", "-m", "644", "hello.c", "/tmp/hello.c"], [/* 56 vars */]) = 0
brk(0) = 0x805a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f16000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=72776, ...}) = 0
mmap2(NULL, 72776, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f04000
close(3) = 0
open("/usr/lib/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\23"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=24996, ...}) = 0
mmap2(NULL, 27832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7efd000
mmap2(0xb7f03000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7f03000
close(3) = 0
open("/lib/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`2\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=83848, ...}) = 0
mmap2(NULL, 85008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ee8000
mmap2(0xb7efc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb7efc000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0ZW\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1460028, ...}) = 0
mmap2(NULL, 1227740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dbc000
mmap2(0xb7ee2000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x125) = 0xb7ee2000
mmap2(0xb7ee6000, 7132, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ee6000
close(3) = 0
open("/usr/lib/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\v\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=32990, ...}) = 0
mmap2(NULL, 15376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db8000
mmap2(0xb7dbb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb7dbb000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\f\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=13892, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7db7000
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db3000
mmap2(0xb7db5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7db5000
close(3) = 0
open("/lib/libsepol.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200#\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=204168, ...}) = 0
mmap2(NULL, 249380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d76000
mmap2(0xb7da8000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x31) = 0xb7da8000
mmap2(0xb7da9000, 40484, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7da9000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d75000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7d756b0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7db5000, 4096, PROT_READ) = 0
mprotect(0xb7ee2000, 8192, PROT_READ) = 0
mprotect(0xb7f30000, 4096, PROT_READ) = 0
munmap(0xb7f04000, 72776) = 0
access("/etc/selinux/", F_OK) = 0
brk(0) = 0x805a000
brk(0x807b000) = 0x807b000
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=71, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000
read(3, "# Stray comment\nSELINUX=permissi"..., 4096) = 71
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f15000, 4096) = 0
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000
read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 1024
close(3) = 0
munmap(0xb7f15000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=72776, ...}) = 0
mmap2(NULL, 72776, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f04000
close(3) = 0
open("/lib/libsetrans.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\n\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=6804, ...}) = 0
mmap2(NULL, 9680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d72000
mmap2(0xb7d74000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7d74000
close(3) = 0
munmap(0xb7f04000, 72776) = 0
open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
read(3, "1", 19) = 1
close(3) = 0
open("/etc/selinux/strict/setrans.conf", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=594, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000
read(3, "#\n# Multi-Category Security tran"..., 4096) = 594
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f15000, 4096) = 0
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 305
open("/proc/self/attr/current", O_RDONLY|O_LARGEFILE) = 4
read(4, "valdis:staff_r:staff_t:s0-s0:c0."..., 4095) = 37
close(4) = 0
close(3) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=54054656, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7b72000
mmap2(NULL, 204800, PROT_READ, MAP_PRIVATE, 3, 0x121f) = 0xb7b40000
mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0x2b89) = 0xb7b3f000
close(3) = 0
geteuid32() = 967
umask(0) = 022
stat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
stat64("hello.c", {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
stat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
unlink("/tmp/hello.c") = 0
open("hello.c", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
open("/tmp/hello.c", O_WRONLY|O_CREAT|O_LARGEFILE, 0100664) = 4
fstat64(4, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
read(3, "main() {printf(\"Hello world!\\n\")"..., 4096) = 35
write(4, "main() {printf(\"Hello world!\\n\")"..., 35) = 35
read(3, "", 4096) = 0
close(4) = 0
close(3) = 0
setxattr("/tmp/hello.c", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x00\x00\xff\xff\xff\xff \x00\x00\x00\xff\xff\xff\xff", 28, 0) = -1 EOPNOTSUPP (Operation not supported)
chmod("/tmp/hello.c", 0600) = 0
chown32("/tmp/hello.c", -1, -1) = 0
chmod("/tmp/hello.c", 0644) = 0
lstat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
read(3, "1", 19) = 1
close(3) = 0
open("/etc/selinux/strict/contexts/files/file_contexts", O_RDONLY|O_LARGEFILE) = 3
open("/etc/selinux/strict/contexts/files/file_contexts.homedirs", O_RDONLY|O_LARGEFILE) = 4
open("/etc/selinux/strict/contexts/files/file_contexts.local", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
fstat64(3, {st_mode=S_IFREG|0644, st_size=114044, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7b3e000
read(3, "# Distro-specific customizations"..., 4096) = 4096
read(3, "b[^/]*\\.so(\\.[^/]*)* --\tsystem_u"..., 4096) = 4096
read(3, "ovable device...\n/dev/pd[a-d][^/"..., 4096) = 4096
read(3, "r:bin_t:s0\n/opt(/.*)?/sbin(/.*)?"..., 4096) = 4096
read(3, "*)?\tsystem_u:object_r:man_t:s0\n/"..., 4096) = 4096
read(3, "/usr/sbin/accton\t--\tsystem_u:obj"..., 4096) = 4096
read(3, "-\tsystem_u:object_r:amanda_user_"..., 4096) = 4096
read(3, "\n/var/run/\\.?acpid\\.socket\t-s\tsy"..., 4096) = 4096
read(3, "ject_r:comsat_exec_t:s0\n# consol"..., 4096) = 4096
read(3, "r:bin_t:s0\n/usr/lib(64)?/cups/cg"..., 4096) = 4096
read(3, "larm-notify.*\t--\tsystem_u:object"..., 4096) = 4096
read(3, "object_r:xferlog_t:s0\n/var/log/x"..., 4096) = 4096
read(3, "usr/lib/gnupg/.*\t--\tsystem_u:obj"..., 4096) = 4096
read(3, "_t:s0\n/etc/init\\.d/.*\t\t--\tsystem"..., 4096) = 4096
read(3, "tem_u:object_r:innd_exec_t:s0\n# "..., 4096) = 4096
read(3, "--\tsystem_u:object_r:load_policy"..., 4096) = 4096
read(3, "ct_r:lvm_exec_t:s0\n/sbin/vgscan\t"..., 4096) = 4096
read(3, "luggerrc system_u:object_r:mozil"..., 4096) = 4096
read(3, "\t\tsystem_u:object_r:ntpd_log_t:s"..., 4096) = 4096
read(3, "\n/usr/sbin/postqueue\t--\tsystem_u"..., 4096) = 4096
read(3, "voxy(/.*)?\t\tsystem_u:object_r:pr"..., 4096) = 4096
read(3, "_u:object_r:samba_log_t:s0\n/var/"..., 4096) = 4096
read(3, "var_run_t:s0\n/var/run/snmpd\t\t-d\t"..., 4096) = 4096
read(3, "ct_r:traceroute_exec_t:s0\n/usr/b"..., 4096) = 4096
read(3, ":s0\n#/usr/local/vmware/[^/]*/.*\\"..., 4096) = 4096
read(3, "on\n/usr/sbin/zebra\t\t--\tsystem_u:"..., 4096) = 4096
read(3, "tem_u:object_r:bin_t:s0\n/emul/ia"..., 4096) = 4096
read(3, "r:texrel_shlib_t:s0\n/usr/lib/lad"..., 4096) = 3452
read(3, "", 4096) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=9381, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7b3d000
read(4, "\n#\n#\n# User-specific file contex"..., 4096) = 4096
read(4, "onts.cache-.*\t--\troot:object_r:s"..., 4096) = 4096
read(4, "me_t:s0\n/home/valdis/\\.screenrc\t"..., 4096) = 1189
read(4, "", 4096) = 0
_llseek(3, 0, [0], SEEK_SET) = 0
_llseek(4, 0, [0], SEEK_SET) = 0
read(3, "# Distro-specific customizations"..., 4096) = 4096
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "system_u:object_r:default_t:s0\0", 31) = 31
read(5, "system_u:object_r:default_t:s0\0", 4095) = 31
close(5) = 0
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "system_u:object_r:root_t:s0\0", 28) = 28
read(5, "system_u:object_r:root_t:s0\0", 4095) = 28
close(5) = 0
(1,858 iterations of open/write/read/close deleted)
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "valdis:object_r:staff_orbit_tmp_"..., 37) = 37
read(5, "valdis:object_r:staff_orbit_tmp_"..., 4095) = 37
close(5) = 0
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "valdis:object_r:staff_orbit_tmp_"..., 37) = 37
read(5, "valdis:object_r:staff_orbit_tmp_"..., 4095) = 37
close(5) = 0
close(3) = 0
munmap(0xb7b3e000, 4096) = 0
close(4) = 0
munmap(0xb7b3d000, 4096) = 0
brk(0x863e000) = 0x863e000
close(1) = 0
munmap(0xb7d72000, 9680) = 0
exit_group(0) = ?
Process 17917 detached