On Wed, Mar 24, 2021 at 10:59 AM peter enderborg <peter.enderborg@xxxxxxxx> wrote: > On 3/23/21 6:08 PM, Ondrej Mosnacek wrote: > > This series adds basic support for parallel relabeling to the libselinux > > API and the setfiles/restorecon CLI tools. It turns out that doing the > > relabeling in parallel can significantly reduce the time even with a > > relatively simple approach. > Nice! Have you any figures? Is it valid for both solid state and mechanical storage? They are in the last patch :) The VM setup I measured that on probably had the storage backed up by an SSD (or something with similar characteristics). I haven't tried it on an HDD yet. > > The first patch is a small cleanup that was found along the way and can > > be applied independently. Patches 2-4 are small incremental changes that > > make the internal selinux_restorecon functions more thread-safe (I kept > > them separate for ease of of review, but maybe they should be rather > > folded into the netx patch...). Patch 5 then completes the parallel > > relabeling implementation at libselinux level and adds a new function > > to the API that allows to make use of it. Finally, patch 6 adds parallel > > relabeling support to he setfiles/restorecon tools. > > > > The relevant man pages are also updated to reflect the new > > functionality. > > > > The patch descriptions contain more details, namely the last patch has > > also some benchmark numbers. > > > > Please test and review. I'm still not fully confident I got everything > > right (esp. regarding error handling), but I wanted to put this forward > > as an RFC to get some early feedback. > > > > Ondrej Mosnacek (6): > > selinux_restorecon: simplify fl_head allocation by using calloc() > > selinux_restorecon: protect file_spec list with a mutex > > selinux_restorecon: introduce selinux_log_sync() > > selinux_restorecon: add a global mutex to synchronize progress output > > selinux_restorecon: introduce selinux_restorecon_parallel(3) > > setfiles/restorecon: support parallel relabeling > > > > libselinux/include/selinux/restorecon.h | 14 + > > libselinux/man/man3/selinux_restorecon.3 | 29 + > > .../man/man3/selinux_restorecon_parallel.3 | 1 + > > libselinux/src/libselinux.map | 5 + > > libselinux/src/selinux_internal.h | 14 + > > libselinux/src/selinux_restorecon.c | 498 ++++++++++++------ > > policycoreutils/setfiles/Makefile | 2 +- > > policycoreutils/setfiles/restore.c | 7 +- > > policycoreutils/setfiles/restore.h | 2 +- > > policycoreutils/setfiles/restorecon.8 | 9 + > > policycoreutils/setfiles/setfiles.8 | 9 + > > policycoreutils/setfiles/setfiles.c | 28 +- > > 12 files changed, 436 insertions(+), 182 deletions(-) > > create mode 100644 libselinux/man/man3/selinux_restorecon_parallel.3 > > > -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
