| Message ID | 20211026115239.267449-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Parallel setfiles/restorecon | expand |
On Tue, Oct 26, 2021 at 1:52 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > This series adds basic support for parallel relabeling to the libselinux > API and the setfiles/restorecon CLI tools. It turns out that doing the > relabeling in parallel can significantly reduce the time even with a > relatively simple approach. > > The first patch fixes a data race around match tracking in label_file. > Second patch is a small cleanup found along the way. Patches 3-6 are > small incremental changes that various functions more thread-safe. > Patch 7 then completes the parallel relabeling implementation at > libselinux level and adds a new function to the API that allows to make > use of it. Finally, patch 8 adds parallel relabeling support to the > setfiles/restorecon tools. > > The relevant man pages are also updated to reflect the new > functionality. > > The patch descriptions contain more details, namely the last patch has > also some benchmark numbers. > > Changes v3->v4: > - add a patch to fix a pre-existing data race in is_context_customizable() > > Changes v2->v3: > - add a patch to fix a pre-existing data race in label_file > - wait for threads to complete using pthread_join(3) to prevent thread leaks > > Changes v1->v2: > - make selinux_log() synchronized instead of introducing selinux_log_sync() > - fix -Wcomma warning > - update the swig files as well > - bump new symbol version to LIBSELINUX_3.3 (this may need further update > depending on when this gets merged) > > Ondrej Mosnacek (8): > label_file: fix a data race > selinux_restorecon: simplify fl_head allocation by using calloc() > selinux_restorecon: protect file_spec list with a mutex > libselinux: make selinux_log() thread-safe > libselinux: make is_context_customizable() thread-safe > selinux_restorecon: add a global mutex to synchronize progress output > selinux_restorecon: introduce selinux_restorecon_parallel(3) > setfiles/restorecon: support parallel relabeling A friendly reminder that these patches could use a review/ack :)
Ondrej Mosnacek <omosnace@redhat.com> writes: > On Tue, Oct 26, 2021 at 1:52 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: >> This series adds basic support for parallel relabeling to the libselinux >> API and the setfiles/restorecon CLI tools. It turns out that doing the >> relabeling in parallel can significantly reduce the time even with a >> relatively simple approach. >> >> The first patch fixes a data race around match tracking in label_file. >> Second patch is a small cleanup found along the way. Patches 3-6 are >> small incremental changes that various functions more thread-safe. >> Patch 7 then completes the parallel relabeling implementation at >> libselinux level and adds a new function to the API that allows to make >> use of it. Finally, patch 8 adds parallel relabeling support to the >> setfiles/restorecon tools. >> >> The relevant man pages are also updated to reflect the new >> functionality. >> >> The patch descriptions contain more details, namely the last patch has >> also some benchmark numbers. >> >> Changes v3->v4: >> - add a patch to fix a pre-existing data race in is_context_customizable() >> >> Changes v2->v3: >> - add a patch to fix a pre-existing data race in label_file >> - wait for threads to complete using pthread_join(3) to prevent thread leaks >> >> Changes v1->v2: >> - make selinux_log() synchronized instead of introducing selinux_log_sync() >> - fix -Wcomma warning >> - update the swig files as well >> - bump new symbol version to LIBSELINUX_3.3 (this may need further update >> depending on when this gets merged) >> >> Ondrej Mosnacek (8): >> label_file: fix a data race >> selinux_restorecon: simplify fl_head allocation by using calloc() >> selinux_restorecon: protect file_spec list with a mutex >> libselinux: make selinux_log() thread-safe >> libselinux: make is_context_customizable() thread-safe >> selinux_restorecon: add a global mutex to synchronize progress output >> selinux_restorecon: introduce selinux_restorecon_parallel(3) >> setfiles/restorecon: support parallel relabeling > > A friendly reminder that these patches could use a review/ack :) Acked-by: Petr Lautrbach <plautrba@redhat.com> # chcon -R -t admin_home_t /usr # time restorecon -r -F /usr real 1m13.629s user 1m11.581s sys 0m1.885s # chcon -R -t admin_home_t /usr # time restorecon -r -F -T 0 /usr real 0m7.425s user 1m18.712s sys 0m3.692s > -- > Ondrej Mosnacek > Software Engineer, Linux Security - SELinux kernel > Red Hat, Inc.
Petr Lautrbach <plautrba@redhat.com> writes: > Ondrej Mosnacek <omosnace@redhat.com> writes: > >> On Tue, Oct 26, 2021 at 1:52 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: >>> This series adds basic support for parallel relabeling to the libselinux >>> API and the setfiles/restorecon CLI tools. It turns out that doing the >>> relabeling in parallel can significantly reduce the time even with a >>> relatively simple approach. >>> >>> The first patch fixes a data race around match tracking in label_file. >>> Second patch is a small cleanup found along the way. Patches 3-6 are >>> small incremental changes that various functions more thread-safe. >>> Patch 7 then completes the parallel relabeling implementation at >>> libselinux level and adds a new function to the API that allows to make >>> use of it. Finally, patch 8 adds parallel relabeling support to the >>> setfiles/restorecon tools. >>> >>> The relevant man pages are also updated to reflect the new >>> functionality. >>> >>> The patch descriptions contain more details, namely the last patch has >>> also some benchmark numbers. >>> >>> Changes v3->v4: >>> - add a patch to fix a pre-existing data race in is_context_customizable() >>> >>> Changes v2->v3: >>> - add a patch to fix a pre-existing data race in label_file >>> - wait for threads to complete using pthread_join(3) to prevent thread leaks >>> >>> Changes v1->v2: >>> - make selinux_log() synchronized instead of introducing selinux_log_sync() >>> - fix -Wcomma warning >>> - update the swig files as well >>> - bump new symbol version to LIBSELINUX_3.3 (this may need further update >>> depending on when this gets merged) >>> >>> Ondrej Mosnacek (8): >>> label_file: fix a data race >>> selinux_restorecon: simplify fl_head allocation by using calloc() >>> selinux_restorecon: protect file_spec list with a mutex >>> libselinux: make selinux_log() thread-safe >>> libselinux: make is_context_customizable() thread-safe >>> selinux_restorecon: add a global mutex to synchronize progress output >>> selinux_restorecon: introduce selinux_restorecon_parallel(3) >>> setfiles/restorecon: support parallel relabeling >> >> A friendly reminder that these patches could use a review/ack :) > > > Acked-by: Petr Lautrbach <plautrba@redhat.com> It's merged now. Thanks! > # chcon -R -t admin_home_t /usr > # time restorecon -r -F /usr > > real 1m13.629s > user 1m11.581s > sys 0m1.885s > > # chcon -R -t admin_home_t /usr > # time restorecon -r -F -T 0 /usr > > real 0m7.425s > user 1m18.712s > sys 0m3.692s > > >> -- >> Ondrej Mosnacek >> Software Engineer, Linux Security - SELinux kernel >> Red Hat, Inc.