udev slowness and selinux

Jason Dravet dravet at hotmail.com
Tue Dec 6 17:29:05 UTC 2005 

>From: Stephen Smalley <sds at tycho.nsa.gov>
>To: Jason Dravet <dravet at hotmail.com>
>CC: Daniel J Walsh <dwalsh at redhat.com>, SELinux-dev at tresys.com,        
>fedora-selinux-list at redhat.com
>Subject: Re: udev slowness and selinux
>Date: Tue, 06 Dec 2005 10:45:14 -0500
>
>On Tue, 2005-12-06 at 09:24 -0600, Jason Dravet wrote:
> > Hello,
> >
> > I am running todays rawhide and udev is still slow, but it is better 
>than it
> > was.  Here are some numbers:
> > booting with selinux disabled: udev starts in 5 seconds
> > booting with selinux enabled (libselinux-1.27.28-1): udev starts in 26
> > seconds.
> > booting with selinux enabled (older than libselinux-1.27.28-1): udev 
>started
> > in 50-60 seconds.
> > I am running udev-075-4, kernel-2.6.14-1-1740, libselinux-1.27.28-1, and
> > selinux-policy-targeted-2.0.9-1.  I am running selinux in targeted 
>enforcing
> > mode.
>
>Hmmm...I'm still not sure I understand why there has been a recent
>slowdown, as I wouldn't have expected either reference policy or the
>matchpathcon canonicalization to have added that much overhead
>(particularly as we were already validating the contexts).  From your
>numbers above, it seems that the canonicalization is adding significant
>overhead, since the canonicalization is performed lazily in libselinux
>1.27.28, but we still have major overhead remaining.
>
>How exactly are you timing the startup time here, e.g. are you just
>inserting a time command prior to the /sbin/start_udev call in
>rc.sysinit or are you timing the entire sequence including the
>Initializing hardware setup?
>
>udev could/should be changed to call matchpathcon_init_prefix(NULL,
>"/dev") once at startup prior to any matchpathcon() calls to avoid the
>overhead of processing the entire file_contexts configuration.  But I'd
>like to get more information on where that time is being spent currently
>as well, so I'd like to know exactly how you are measuring so I can
>reproduce it and then try to profile it.
>
>--
>Stephen Smalley
>National Security Agency
>
I am using a stop watch to measure the time.  I start the watch when I see 
starting udev and I stop it when I see loading default keymap.  If you would 
like me to use a different method of timing please tell me how and I will be 
happy to use it.

Thanks,
Jason

More information about the fedora-selinux-list mailing list