Petr Lautrbach <plautrba@xxxxxxxxxx> writes: > Ondrej Mosnacek <omosnace@xxxxxxxxxx> writes: > >> On Tue, Oct 26, 2021 at 1:52 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: >>> This series adds basic support for parallel relabeling to the libselinux >>> API and the setfiles/restorecon CLI tools. It turns out that doing the >>> relabeling in parallel can significantly reduce the time even with a >>> relatively simple approach. >>> >>> The first patch fixes a data race around match tracking in label_file. >>> Second patch is a small cleanup found along the way. Patches 3-6 are >>> small incremental changes that various functions more thread-safe. >>> Patch 7 then completes the parallel relabeling implementation at >>> libselinux level and adds a new function to the API that allows to make >>> use of it. Finally, patch 8 adds parallel relabeling support to the >>> setfiles/restorecon tools. >>> >>> The relevant man pages are also updated to reflect the new >>> functionality. >>> >>> The patch descriptions contain more details, namely the last patch has >>> also some benchmark numbers. >>> >>> Changes v3->v4: >>> - add a patch to fix a pre-existing data race in is_context_customizable() >>> >>> Changes v2->v3: >>> - add a patch to fix a pre-existing data race in label_file >>> - wait for threads to complete using pthread_join(3) to prevent thread leaks >>> >>> Changes v1->v2: >>> - make selinux_log() synchronized instead of introducing selinux_log_sync() >>> - fix -Wcomma warning >>> - update the swig files as well >>> - bump new symbol version to LIBSELINUX_3.3 (this may need further update >>> depending on when this gets merged) >>> >>> Ondrej Mosnacek (8): >>> label_file: fix a data race >>> selinux_restorecon: simplify fl_head allocation by using calloc() >>> selinux_restorecon: protect file_spec list with a mutex >>> libselinux: make selinux_log() thread-safe >>> libselinux: make is_context_customizable() thread-safe >>> selinux_restorecon: add a global mutex to synchronize progress output >>> selinux_restorecon: introduce selinux_restorecon_parallel(3) >>> setfiles/restorecon: support parallel relabeling >> >> A friendly reminder that these patches could use a review/ack :) > > > Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx> It's merged now. Thanks! > # chcon -R -t admin_home_t /usr > # time restorecon -r -F /usr > > real 1m13.629s > user 1m11.581s > sys 0m1.885s > > # chcon -R -t admin_home_t /usr > # time restorecon -r -F -T 0 /usr > > real 0m7.425s > user 1m18.712s > sys 0m3.692s > > >> -- >> Ondrej Mosnacek >> Software Engineer, Linux Security - SELinux kernel >> Red Hat, Inc.
