Re: udev slowness and selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Stephen Smalley <sds@xxxxxxxxxxxxx>
To: Jason Dravet <dravet@xxxxxxxxxxx>
CC: Daniel J Walsh <dwalsh@xxxxxxxxxx>, SELinux-dev@xxxxxxxxxx, fedora-selinux-list@xxxxxxxxxx 
Subject: Re: udev slowness and selinux
Date: Tue, 06 Dec 2005 10:45:14 -0500

On Tue, 2005-12-06 at 09:24 -0600, Jason Dravet wrote:
> Hello,
>
> I am running todays rawhide and udev is still slow, but it is better than it 
> was.  Here are some numbers:
> booting with selinux disabled: udev starts in 5 seconds
> booting with selinux enabled (libselinux-1.27.28-1): udev starts in 26
> seconds.
> booting with selinux enabled (older than libselinux-1.27.28-1): udev started 
> in 50-60 seconds.
> I am running udev-075-4, kernel-2.6.14-1-1740, libselinux-1.27.28-1, and
> selinux-policy-targeted-2.0.9-1. I am running selinux in targeted enforcing 
> mode.

Hmmm...I'm still not sure I understand why there has been a recent
slowdown, as I wouldn't have expected either reference policy or the
matchpathcon canonicalization to have added that much overhead
(particularly as we were already validating the contexts).  From your
numbers above, it seems that the canonicalization is adding significant
overhead, since the canonicalization is performed lazily in libselinux
1.27.28, but we still have major overhead remaining.

How exactly are you timing the startup time here, e.g. are you just
inserting a time command prior to the /sbin/start_udev call in
rc.sysinit or are you timing the entire sequence including the
Initializing hardware setup?

udev could/should be changed to call matchpathcon_init_prefix(NULL,
"/dev") once at startup prior to any matchpathcon() calls to avoid the
overhead of processing the entire file_contexts configuration.  But I'd
like to get more information on where that time is being spent currently
as well, so I'd like to know exactly how you are measuring so I can
reproduce it and then try to profile it.

--
Stephen Smalley
National Security Agency
I am using a stop watch to measure the time. I start the watch when I see starting udev and I stop it when I see loading default keymap. If you would like me to use a different method of timing please tell me how and I will be happy to use it. 

Thanks,
Jason


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux