udev slowness and selinux

Stephen Smalley sds at tycho.nsa.gov
Tue Dec 6 15:45:14 UTC 2005

On Tue, 2005-12-06 at 09:24 -0600, Jason Dravet wrote:
> Hello,
> I am running today's rawhide and udev is still slow, but it is better than it
> was.  Here are some numbers:
> booting with selinux disabled: udev starts in 5 seconds
> booting with selinux enabled (libselinux-1.27.28-1): udev starts in 26 
> seconds.
> booting with selinux enabled (older than libselinux-1.27.28-1): udev started 
> in 50-60 seconds.
> I am running udev-075-4, kernel-2.6.14-1-1740, libselinux-1.27.28-1, and 
> selinux-policy-targeted-2.0.9-1.  I am running selinux in targeted enforcing 
> mode.

Hmmm...I'm still not sure I understand why there has been a recent
slowdown, as I wouldn't have expected either reference policy or the
matchpathcon canonicalization to have added that much overhead
(particularly as we were already validating the contexts).  From your
numbers above, it seems that the canonicalization is adding significant
overhead, since the canonicalization is performed lazily in libselinux
1.27.28, but we still have major overhead remaining.

How exactly are you timing the startup time here, e.g. are you just
inserting a time command prior to the /sbin/start_udev call in
rc.sysinit or are you timing the entire sequence including the
Initializing hardware setup?

udev could/should be changed to call matchpathcon_init_prefix(NULL,
"/dev") once at startup prior to any matchpathcon() calls to avoid the
overhead of processing the entire file_contexts configuration.  But I'd
like to get more information on where that time is being spent currently
as well, so I'd like to know exactly how you are measuring so I can
reproduce it and then try to profile it.

Stephen Smalley
National Security Agency
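
The effect of the matchpathcon_init_prefix(NULL, "/dev") suggestion above, as an added example that is not part of the original message and is not libselinux code: a simplified model that skips file_contexts entries whose literal leading path cannot fall under the prefix and counts how many regexes still have to be compiled. The sample entries and the names literal_len, may_match_under and load_specs are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample path specs in file_contexts syntax (not a real policy). */
static const char *SPECS[] = {
    "/dev/null", "/dev/tty[0-9]+", "/dev/.*", "/etc/passwd.*",
    "/usr/lib(64)?/.*", "/var/log(/.*)?", "/.*",
};
#define NSPECS (sizeof(SPECS) / sizeof(SPECS[0]))

/* Length of the literal text before the first regex metacharacter. */
static size_t literal_len(const char *spec)
{
    return strcspn(spec, ".^$?*+|[({\\");
}

/* Keep an entry only if its literal part and the prefix agree on their
 * common length; catch-alls such as "/.*" are kept conservatively. */
static int may_match_under(const char *spec, const char *prefix)
{
    size_t n = literal_len(spec), p = strlen(prefix);
    return strncmp(spec, prefix, n < p ? n : p) == 0;
}

/* Compile the entries kept for prefix (NULL keeps all of them).
 * Returns the number of regcomp() calls made, or -1 on a bad pattern. */
int load_specs(const char *prefix)
{
    int compiled = 0;
    for (size_t i = 0; i < NSPECS; i++) {
        char anchored[256];
        regex_t re;
        if (prefix && !may_match_under(SPECS[i], prefix))
            continue;                 /* never parsed, never compiled */
        snprintf(anchored, sizeof(anchored), "^%s$", SPECS[i]);
        if (regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB) != 0)
            return -1;
        regfree(&re);
        compiled++;
    }
    return compiled;
}

int main(void)
{
    printf("all: %d, /dev only: %d\n", load_specs(NULL), load_specs("/dev"));
    return 0;
}
```

On a real file_contexts with thousands of entries, the same ratio is what a caller that only ever labels nodes under /dev would save at startup.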

More information about the fedora-selinux-list mailing list