Message ID | 20250225075555.16136-1-lautrbach@redhat.com (mailing list archive) |
---|---|
State | New |
Delegated to: | Petr Lautrbach |
Series | libsemanage: improve performance of semanage store rebuild |
On Tue, Feb 25, 2025 at 08:55:23AM +0100, Petr Lautrbach wrote: > Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing restorecon > ") added reopeniong selabel handle every time semanage_setfiles() is > called. It means that during `semodule -B`, `selabel_close()` and > `selabel_open()` could be called more than 1800x what could have a > significant performance impact. > > It should be enough to reopen selabel handle just after semanage commit > when changes are applied. > > Before 9d107ab77ba4: > semodule -B 5.84s user 0.52s system 96% cpu 6.585 total > > After 9d107ab77ba4: > semodule -B 11.15s user 0.64s system 98% cpu 11.952 total > > With this patch: > semodule -B 5.51s user 0.41s system 98% cpu 6.014 total > > Signed-off-by: Petr Lautrbach <lautrbach@redhat.com> Acked-by: Jason Zaman <jason@perfinion.com> > --- > libsemanage/src/semanage_store.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c > index cf9aa809b7f8..307f27f9838b 100644 > --- a/libsemanage/src/semanage_store.c > +++ b/libsemanage/src/semanage_store.c > @@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) > semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL); > const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL); > struct stat buf; > + struct selabel_handle *sehandle; > > /* update the commit number */ > if ((commit_number = semanage_direct_get_serial(sh)) < 0) { > @@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) > > cleanup: > semanage_release_active_lock(sh); > + sehandle = selinux_restorecon_default_handle(); > + selinux_restorecon_set_sehandle(sehandle); > return retval; > } 
> > @@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons > void semanage_setfiles(semanage_handle_t * sh, const char *path){ > struct stat sb; > int fd; > - struct selabel_handle *sehandle; > > union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG); > union selinux_callback cb = { .func_log = log_callback_mute }; > > - sehandle = selinux_restorecon_default_handle(); > - selinux_restorecon_set_sehandle(sehandle); > - > /* Mute all logs */ > selinux_set_callback(SELINUX_CB_LOG, cb); > > -- > 2.48.1 > >
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index cf9aa809b7f8..307f27f9838b 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -1712,6 +1712,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL); const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL); struct stat buf; + struct selabel_handle *sehandle; /* update the commit number */ if ((commit_number = semanage_direct_get_serial(sh)) < 0) { @@ -1822,6 +1823,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) cleanup: semanage_release_active_lock(sh); + sehandle = selinux_restorecon_default_handle(); + selinux_restorecon_set_sehandle(sehandle); return retval; } @@ -3012,14 +3015,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons void semanage_setfiles(semanage_handle_t * sh, const char *path){ struct stat sb; int fd; - struct selabel_handle *sehandle; union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG); union selinux_callback cb = { .func_log = log_callback_mute }; - sehandle = selinux_restorecon_default_handle(); - selinux_restorecon_set_sehandle(sehandle); - /* Mute all logs */ selinux_set_callback(SELINUX_CB_LOG, cb);
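Review bot: In the second hunk, the two added calls sit under the `cleanup:` label of semanage_commit_sandbox(), so they run on every exit path, including the error paths, while the commit message says the handle only needs reopening after a commit that applied changes. The return value of selinux_restorecon_default_handle() is also passed to selinux_restorecon_set_sehandle() without a check, so a failed open would install whatever it returned. Consider doing the refresh only when the commit succeeded, checking `sehandle` before setting it, and adding a one-line comment at this point explaining why the handle is reopened here.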
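Review bot: In the third hunk, removing the refresh from semanage_setfiles() leaves that function depending on a restorecon handle set somewhere else, and nothing in the function says so. semanage_setfiles() is not declared static in the visible lines, so a comment above it should state that it uses the handle set at the end of semanage_commit_sandbox() and does not reload file contexts itself. That makes it clear to later callers that relabeling before a commit runs against whatever handle is current.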
Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing restorecon") added reopening selabel handle every time semanage_setfiles() is called. It means that during `semodule -B`, `selabel_close()` and `selabel_open()` could be called more than 1800x what could have a significant performance impact.

It should be enough to reopen selabel handle just after semanage commit when changes are applied.

Before 9d107ab77ba4:
semodule -B 5.84s user 0.52s system 96% cpu 6.585 total

After 9d107ab77ba4:
semodule -B 11.15s user 0.64s system 98% cpu 11.952 total

With this patch:
semodule -B 5.51s user 0.41s system 98% cpu 6.014 total

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
libsemanage/src/semanage_store.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)