'install' command goes "oink!" after recent updates.

Daniel J Walsh dwalsh at redhat.com
Wed Nov 30 19:24:20 UTC 2005


Valdis.Kletnieks at vt.edu wrote:
> coreutils-5.93-4
> libsepol-1.9.41-1
> libsemanage-1.3.59-1
> libsetrans-0.1.8-1
>
> Not sure if this is a coreutils bug or an selinux bug.  Recently, I noticed
> that a 'make install' that called /usr/bin/install ran *very* slowly:
>
> % time cp hello.c /tmp/hello.c
> real    0m0.040s
> user    0m0.008s
> sys     0m0.016s
> % time /usr/bin/install -c -m 644 hello.c /tmp/hello.c
> real    0m4.641s
> user    0m1.608s
> sys     0m0.388s
>
> Literally 100 times slower. Gaak.
>
> A bit of playing with strace showed why:
>
> strace install -c -m 644 hello.c /tmp/hello.c
>
> 7,745 system calls.  Of those, only 297 were *not* part of the 1,862 times
> that 'install' did an open/write/read/close of /selinux/context - once for every
> single file context type it found, whether or not it had anything to do with
> the file that was actually being installed.
>
> This is a show-stopper guys - when something like this bloats a 'make install'
> from something that takes 2 minutes into something that you don't bother checking
> until you get back from lunch, it *will* add dramatically to the "security takes
> waaaay too much resources" bandwagon.
>
> Almost-full strace follows.
>
> execve("/usr/bin/install", ["install", "-c", "-m", "644", "hello.c", "/tmp/hello.c"], [/* 56 vars */]) = 0
> brk(0)                                  = 0x805a000
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f16000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=72776, ...}) = 0
> mmap2(NULL, 72776, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f04000
> close(3)                                = 0
> open("/usr/lib/libacl.so.1", O_RDONLY)  = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\23"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=24996, ...}) = 0
> mmap2(NULL, 27832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7efd000
> mmap2(0xb7f03000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7f03000
> close(3)                                = 0
> open("/lib/libselinux.so.1", O_RDONLY)  = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`2\0\000"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=83848, ...}) = 0
> mmap2(NULL, 85008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ee8000
> mmap2(0xb7efc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb7efc000
> close(3)                                = 0
> open("/lib/libc.so.6", O_RDONLY)        = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0ZW\1\000"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1460028, ...}) = 0
> mmap2(NULL, 1227740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dbc000
> mmap2(0xb7ee2000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x125) = 0xb7ee2000
> mmap2(0xb7ee6000, 7132, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ee6000
> close(3)                                = 0
> open("/usr/lib/libattr.so.1", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\v\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=32990, ...}) = 0
> mmap2(NULL, 15376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db8000
> mmap2(0xb7dbb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb7dbb000
> close(3)                                = 0
> open("/lib/libdl.so.2", O_RDONLY)       = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\f\0\000"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=13892, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7db7000
> mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db3000
> mmap2(0xb7db5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7db5000
> close(3)                                = 0
> open("/lib/libsepol.so.1", O_RDONLY)    = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200#\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=204168, ...}) = 0
> mmap2(NULL, 249380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d76000
> mmap2(0xb7da8000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x31) = 0xb7da8000
> mmap2(0xb7da9000, 40484, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7da9000
> close(3)                                = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d75000
> set_thread_area({entry_number:-1 -> 6, base_addr:0xb7d756b0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> mprotect(0xb7db5000, 4096, PROT_READ)   = 0
> mprotect(0xb7ee2000, 8192, PROT_READ)   = 0
> mprotect(0xb7f30000, 4096, PROT_READ)   = 0
> munmap(0xb7f04000, 72776)               = 0
> access("/etc/selinux/", F_OK)           = 0
> brk(0)                                  = 0x805a000
> brk(0x807b000)                          = 0x807b000
> open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=71, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000
> read(3, "# Stray comment\nSELINUX=permissi"..., 4096) = 71
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0xb7f15000, 4096)                = 0
> open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000
> read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 1024
> close(3)                                = 0
> munmap(0xb7f15000, 4096)                = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=72776, ...}) = 0
> mmap2(NULL, 72776, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f04000
> close(3)                                = 0
> open("/lib/libsetrans.so.0", O_RDONLY)  = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\n\0\000"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=6804, ...}) = 0
> mmap2(NULL, 9680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d72000
> mmap2(0xb7d74000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7d74000
> close(3)                                = 0
> munmap(0xb7f04000, 72776)               = 0
> open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
> read(3, "1", 19)                        = 1
> close(3)                                = 0
> open("/etc/selinux/strict/setrans.conf", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=594, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000
> read(3, "#\n# Multi-Category Security tran"..., 4096) = 594
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0xb7f15000, 4096)                = 0
> open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
> read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 305
> open("/proc/self/attr/current", O_RDONLY|O_LARGEFILE) = 4
> read(4, "valdis:staff_r:staff_t:s0-s0:c0."..., 4095) = 37
> close(4)                                = 0
> close(3)                                = 0
> open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=54054656, ...}) = 0
> mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7b72000
> mmap2(NULL, 204800, PROT_READ, MAP_PRIVATE, 3, 0x121f) = 0xb7b40000
> mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0x2b89) = 0xb7b3f000
> close(3)                                = 0
> geteuid32()                             = 967
> umask(0)                                = 022
> stat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
> stat64("hello.c", {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
> stat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
> unlink("/tmp/hello.c")                  = 0
> open("hello.c", O_RDONLY|O_LARGEFILE)   = 3
> fstat64(3, {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
> open("/tmp/hello.c", O_WRONLY|O_CREAT|O_LARGEFILE, 0100664) = 4
> fstat64(4, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
> fstat64(3, {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
> read(3, "main() {printf(\"Hello world!\\n\")"..., 4096) = 35
> write(4, "main() {printf(\"Hello world!\\n\")"..., 35) = 35
> read(3, "", 4096)                       = 0
> close(4)                                = 0
> close(3)                                = 0
> setxattr("/tmp/hello.c", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x00\x00\xff\xff\xff\xff \x00\x00\x00\xff\xff\xff\xff", 28, 0) = -1 EOPNOTSUPP (Operation not supported)
> chmod("/tmp/hello.c", 0600)             = 0
> chown32("/tmp/hello.c", -1, -1)         = 0
> chmod("/tmp/hello.c", 0644)             = 0
> lstat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
> open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
> read(3, "1", 19)                        = 1
> close(3)                                = 0
> open("/etc/selinux/strict/contexts/files/file_contexts", O_RDONLY|O_LARGEFILE) = 3
> open("/etc/selinux/strict/contexts/files/file_contexts.homedirs", O_RDONLY|O_LARGEFILE) = 4
> open("/etc/selinux/strict/contexts/files/file_contexts.local", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> fstat64(3, {st_mode=S_IFREG|0644, st_size=114044, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7b3e000
> read(3, "# Distro-specific customizations"..., 4096) = 4096
> read(3, "b[^/]*\\.so(\\.[^/]*)* --\tsystem_u"..., 4096) = 4096
> read(3, "ovable device...\n/dev/pd[a-d][^/"..., 4096) = 4096
> read(3, "r:bin_t:s0\n/opt(/.*)?/sbin(/.*)?"..., 4096) = 4096
> read(3, "*)?\tsystem_u:object_r:man_t:s0\n/"..., 4096) = 4096
> read(3, "/usr/sbin/accton\t--\tsystem_u:obj"..., 4096) = 4096
> read(3, "-\tsystem_u:object_r:amanda_user_"..., 4096) = 4096
> read(3, "\n/var/run/\\.?acpid\\.socket\t-s\tsy"..., 4096) = 4096
> read(3, "ject_r:comsat_exec_t:s0\n# consol"..., 4096) = 4096
> read(3, "r:bin_t:s0\n/usr/lib(64)?/cups/cg"..., 4096) = 4096
> read(3, "larm-notify.*\t--\tsystem_u:object"..., 4096) = 4096
> read(3, "object_r:xferlog_t:s0\n/var/log/x"..., 4096) = 4096
> read(3, "usr/lib/gnupg/.*\t--\tsystem_u:obj"..., 4096) = 4096
> read(3, "_t:s0\n/etc/init\\.d/.*\t\t--\tsystem"..., 4096) = 4096
> read(3, "tem_u:object_r:innd_exec_t:s0\n# "..., 4096) = 4096
> read(3, "--\tsystem_u:object_r:load_policy"..., 4096) = 4096
> read(3, "ct_r:lvm_exec_t:s0\n/sbin/vgscan\t"..., 4096) = 4096
> read(3, "luggerrc system_u:object_r:mozil"..., 4096) = 4096
> read(3, "\t\tsystem_u:object_r:ntpd_log_t:s"..., 4096) = 4096
> read(3, "\n/usr/sbin/postqueue\t--\tsystem_u"..., 4096) = 4096
> read(3, "voxy(/.*)?\t\tsystem_u:object_r:pr"..., 4096) = 4096
> read(3, "_u:object_r:samba_log_t:s0\n/var/"..., 4096) = 4096
> read(3, "var_run_t:s0\n/var/run/snmpd\t\t-d\t"..., 4096) = 4096
> read(3, "ct_r:traceroute_exec_t:s0\n/usr/b"..., 4096) = 4096
> read(3, ":s0\n#/usr/local/vmware/[^/]*/.*\\"..., 4096) = 4096
> read(3, "on\n/usr/sbin/zebra\t\t--\tsystem_u:"..., 4096) = 4096
> read(3, "tem_u:object_r:bin_t:s0\n/emul/ia"..., 4096) = 4096
> read(3, "r:texrel_shlib_t:s0\n/usr/lib/lad"..., 4096) = 3452
> read(3, "", 4096)                       = 0
> fstat64(4, {st_mode=S_IFREG|0644, st_size=9381, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7b3d000
> read(4, "\n#\n#\n# User-specific file contex"..., 4096) = 4096
> read(4, "onts.cache-.*\t--\troot:object_r:s"..., 4096) = 4096
> read(4, "me_t:s0\n/home/valdis/\\.screenrc\t"..., 4096) = 1189
> read(4, "", 4096)                       = 0
> _llseek(3, 0, [0], SEEK_SET)            = 0
> _llseek(4, 0, [0], SEEK_SET)            = 0
> read(3, "# Distro-specific customizations"..., 4096) = 4096
> open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
> write(5, "system_u:object_r:default_t:s0\0", 31) = 31
> read(5, "system_u:object_r:default_t:s0\0", 4095) = 31
> close(5)                                = 0
> open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
> write(5, "system_u:object_r:root_t:s0\0", 28) = 28
> read(5, "system_u:object_r:root_t:s0\0", 4095) = 28
> close(5)                                = 0
>
> (1,858 iterations of open/write/read/close deleted)
>
> open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
> write(5, "valdis:object_r:staff_orbit_tmp_"..., 37) = 37
> read(5, "valdis:object_r:staff_orbit_tmp_"..., 4095) = 37
> close(5)                                = 0
> open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
> write(5, "valdis:object_r:staff_orbit_tmp_"..., 37) = 37
> read(5, "valdis:object_r:staff_orbit_tmp_"..., 4095) = 37
> close(5)                                = 0
> close(3)                                = 0
> munmap(0xb7b3e000, 4096)                = 0
> close(4)                                = 0
> munmap(0xb7b3d000, 4096)                = 0
> brk(0x863e000)                          = 0x863e000
> close(1)                                = 0
> munmap(0xb7d72000, 9680)                = 0
> exit_group(0)                           = ?
> Process 17917 detached
>
>
>   
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Sounds like that is probably the udev problem also.

-- 




