On Thu, 2017-04-20 at 14:39 -0400, Stephen Smalley wrote: > On Thu, 2017-04-20 at 23:14 +0530, Lakshmipathi.G wrote: > > It takes 10 seconds to create user account,where as without -Z > > option > > it takes less a second. I tried changing SELinux to Permissive mode > > or > > try to use tmpfs for /etc/selinux mountpoint , both didn't help.The > > problem is I'm re-creating 50000+ user accounts in a new server. > > Looks > > for options to speed-up this process. thanks for > > any pointers/help. > > > > # time useradd --uid=20005 -Z guest_u u20005 > > real 0m10.194s > > user 0m8.866s > > sys 0m1.273s > > > > # time useradd --uid=20006 u20006 > > real 0m0.050s > > user 0m0.018s > > sys 0m0.021s > > Maybe an alternative until you get an updated libsemanage would be to > transfer the SELinux configuration via semanage export/import and > just > run useradd without -Z. That way you can do all of the additions to > seusers in a single transaction. That assumes you already have these users configured on a different server from which you can run semanage export (I assumed that because you said you were re-creating 50000+ user accounts). If not, then you could essentially write a script to generate the input expected by semanage import to add all the users. It would look something like this: $ cat userlist login -a -s guest_u -r 's0' u20005 login -a -s guest_u -r 's0' u20006 ... $ <add all of the users with useradd first, without -Z> $ sudo semanage import -f userlist If you are instead using semanage export from an existing system with the users already defined, be careful since it always starts with commands to delete all local customizations before adding the new ones, so you might not want to do that on your system. You can always delete those lines from its output before feeding to semanage import. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
