udev slowness and selinux
dravet at hotmail.com
Tue Dec 6 17:29:05 UTC 2005
>From: Stephen Smalley <sds at tycho.nsa.gov>
>To: Jason Dravet <dravet at hotmail.com>
>CC: Daniel J Walsh <dwalsh at redhat.com>, SELinux-dev at tresys.com,
>fedora-selinux-list at redhat.com
>Subject: Re: udev slowness and selinux
>Date: Tue, 06 Dec 2005 10:45:14 -0500
>On Tue, 2005-12-06 at 09:24 -0600, Jason Dravet wrote:
> > Hello,
> > I am running today's rawhide and udev is still slow, but it is better than it
> > was. Here are some numbers:
> > booting with selinux disabled: udev starts in 5 seconds
> > booting with selinux enabled (libselinux-1.27.28-1): udev starts in 26
> > seconds.
> > booting with selinux enabled (older than libselinux-1.27.28-1): udev starts
> > in 50-60 seconds.
> > I am running udev-075-4, kernel-2.6.14-1-1740, libselinux-1.27.28-1, and
> > selinux-policy-targeted-2.0.9-1. I am running selinux in targeted
> > mode.
>Hmmm...I'm still not sure I understand why there has been a recent
>slowdown, as I wouldn't have expected either reference policy or the
>matchpathcon canonicalization to have added that much overhead
>(particularly as we were already validating the contexts). From your
>numbers above, it seems that the canonicalization is adding significant
>overhead, since the canonicalization is performed lazily in libselinux
>1.27.28, but we still have major overhead remaining.
>How exactly are you timing the startup time here, e.g. are you just
>inserting a time command prior to the /sbin/start_udev call in
>rc.sysinit or are you timing the entire sequence including the
>Initializing hardware setup?
>udev could/should be changed to call matchpathcon_init_prefix(NULL,
>"/dev") once at startup prior to any matchpathcon() calls to avoid the
>overhead of processing the entire file_contexts configuration. But I'd
>like to get more information on where that time is being spent currently
>as well, so I'd like to know exactly how you are measuring so I can
>reproduce it and then try to profile it.
>National Security Agency
I am using a stopwatch to measure the time. I start the watch when I see
starting udev and I stop it when I see loading default keymap. If you would
like me to use a different method of timing please tell me how and I will be
happy to use it.
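
A simplified model of why the matchpathcon_init_prefix(NULL, "/dev") call suggested in the quoted message cuts startup cost, as an added example that is not libselinux or udev code and not part of this thread. The entries, `load_specs` and `lookup` are constructed for illustration, and the filter rule is an assumption about the approach, not the library's implementation.

```c
/* Simplified model of prefix-restricted file_contexts loading.
 * Not libselinux code: entries and the filter rule are constructed. */
#include <regex.h>
#include <stdio.h>
#include <string.h>
struct spec { const char *re, *ctx; regex_t rx; int live; };
/* Constructed sample entries; a later matching entry wins. */
static struct spec specs[] = {
    { "/.*",            "system_u:object_r:default_t" },
    { "/usr/bin/.*",    "system_u:object_r:bin_t" },
    { "/var/log/.*",    "system_u:object_r:var_log_t" },
    { "/dev/.*",        "system_u:object_r:device_t" },
    { "/dev/tty[0-9]+", "system_u:object_r:tty_device_t" },
    { "/home/[^/]+/.*", "system_u:object_r:user_home_t" },
};
#define NSPEC (sizeof specs / sizeof specs[0])
/* Compile only entries whose literal lead-in is compatible with prefix
 * (NULL means no restriction). Returns the number of regexes compiled. */
static int load_specs(const char *prefix) {
    int n = 0;
    for (size_t i = 0; i < NSPEC; i++) {
        size_t stem = strcspn(specs[i].re, ".^$?*+|[({\\");
        size_t cmp = prefix ? strlen(prefix) : 0;
        char anchored[256];
        if (stem < cmp) cmp = stem;
        if (specs[i].live) { regfree(&specs[i].rx); specs[i].live = 0; }
        if (cmp && strncmp(specs[i].re, prefix, cmp) != 0)
            continue;                   /* can never match under prefix */
        snprintf(anchored, sizeof anchored, "^%s$", specs[i].re);
        if (regcomp(&specs[i].rx, anchored, REG_EXTENDED | REG_NOSUB) == 0) {
            specs[i].live = 1;
            n++;
        }
    }
    return n;
}
/* Context of the last compiled entry matching path, or NULL. */
static const char *lookup(const char *path) {
    const char *ctx = NULL;
    for (size_t i = 0; i < NSPEC; i++)
        if (specs[i].live && regexec(&specs[i].rx, path, 0, NULL, 0) == 0)
            ctx = specs[i].ctx;
    return ctx;
}
int main(void) {
    int all = load_specs(NULL), dev = load_specs("/dev");
    printf("compiled: %d unrestricted, %d with prefix /dev\n", all, dev);
    printf("/dev/tty1 -> %s\n", lookup("/dev/tty1"));
    return 0;
}
```

In this model, a path outside the prefix falls through to the catch-all entry after a restricted load, so the prefix has to cover every path the caller will label.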