Thanks. Here's the details: # uname -a Linux li1629-137 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) #rpm qa | grep 'semanage' libsemanage-2.5-5.1.el7_3.x86_64 libsemanage-python-2.5-5.1.el7_3.x86_64 I didn't make any changes to /etc/selinux/semanage.conf . Here's the content. --- module-store = direct # When generating the final linked and expanded policy, by default # semanage will set the policy version to POLICYDB_VERSION_MAX, as # given in <sepol/policydb.h>. Change this setting if a different # version is necessary. #policy-version = 19 # expand-check check neverallow rules when executing all semanage commands. # Large penalty in time if you turn this on. expand-check=0 # usepasswd check tells semanage to scan all pass word records for home directories # and setup the labeling correctly. If this is turned off, SELinux will label /home # correctly only. You will need to use semanage fcontext command. # For example, if you had home dirs in /althome directory you would have to execute # semanage fcontext -a -e /home /althome usepasswd=False bzip-small=true bzip-blocksize=5 ignoredirs=/root --- ---- Cheers, Lakshmipathi.G FOSS Programmer. http://www.giis.co.in http://www.webminal.org On Thu, Apr 20, 2017 at 11:23 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On Thu, 2017-04-20 at 23:14 +0530, Lakshmipathi.G wrote: > > It takes 10 seconds to create user account,where as without -Z option > > it takes less a second. I tried changing SELinux to Permissive mode > > or > > try to use tmpfs for /etc/selinux mountpoint , both didn't help.The > > problem is I'm re-creating 50000+ user accounts in a new server. > > Looks > > for options to speed-up this process. thanks for > > any pointers/help. > > > > # time useradd --uid=20005 -Z guest_u u20005 > > real 0m10.194s > > user 0m8.866s > > sys 0m1.273s > > > > # time useradd --uid=20006 u20006 > > real 0m0.050s > > user 0m0.018s > > sys 0m0.021s > > libsemanage version? > /etc/selinux/semanage.conf contents? > > _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
