Re: [PATCH] libsemanage: improve performance of semanage store rebuild

Petr Lautrbach <lautrbach@xxxxxxxxxx> · Mon, 03 Mar 2025 19:06:28 +0100

Jason Zaman <jason@xxxxxxxxxxxxx> writes:

> On Tue, Feb 25, 2025 at 08:55:23AM +0100, Petr Lautrbach wrote:
>> Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing restorecon
>> ") added reopeniong selabel handle every time semanage_setfiles() is
>> called. It means that during `semodule -B`, `selabel_close()` and
>> `selabel_open()` could be called more than 1800x what could have a
>> significant performance impact.
>> 
>> It should be enough to reopen selabel handle just after semanage commit
>> when changes are applied.
>> 
>> Before 9d107ab77ba4:
>>     semodule -B  5.84s user 0.52s system 96% cpu 6.585 total
>> 
>> After 9d107ab77ba4:
>>     semodule -B  11.15s user 0.64s system 98% cpu 11.952 total
>> 
>> With this patch:
>>     semodule -B  5.51s user 0.41s system 98% cpu 6.014 total
>> 
>> Signed-off-by: Petr Lautrbach <lautrbach@xxxxxxxxxx>
> Acked-by: Jason Zaman <jason@xxxxxxxxxxxxx>

Merged.

>> ---
>>  libsemanage/src/semanage_store.c | 7 +++----
>>  1 file changed, 3 insertions(+), 4 deletions(-)
>> 
>> diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
>> index cf9aa809b7f8..307f27f9838b 100644
>> --- a/libsemanage/src/semanage_store.c
>> +++ b/libsemanage/src/semanage_store.c
>> @@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
>>  	    semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
>>  	const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
>>  	struct stat buf;
>> +	struct selabel_handle *sehandle;
>>  
>>  	/* update the commit number */
>>  	if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
>> @@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
>>  
>>        cleanup:
>>  	semanage_release_active_lock(sh);
>> +	sehandle = selinux_restorecon_default_handle();
>> +	selinux_restorecon_set_sehandle(sehandle);
>>  	return retval;
>>  }
>>  
>> @@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
>>  void semanage_setfiles(semanage_handle_t * sh, const char *path){
>>  	struct stat sb;
>>  	int fd;
>> -	struct selabel_handle *sehandle;
>>  
>>  	union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
>>  	union selinux_callback cb = { .func_log = log_callback_mute };
>>  
>> -	sehandle = selinux_restorecon_default_handle();
>> -	selinux_restorecon_set_sehandle(sehandle);
>> -
>>  	/* Mute all logs */
>>  	selinux_set_callback(SELINUX_CB_LOG, cb);
>>  
>> -- 
>> 2.48.1
>> 
>> 