Jason Dravet wrote:
> From: Stephen Smalley <sds(a)tycho.nsa.gov>
> To: Jason Dravet <dravet(a)hotmail.com>
> CC: Daniel J Walsh <dwalsh(a)redhat.com>,
> SELinux-dev(a)tresys.com, fedora-selinux-list(a)redhat.com
> Subject: Re: udev slowness and selinux
> Date: Tue, 06 Dec 2005 10:45:14 -0500
>
> On Tue, 2005-12-06 at 09:24 -0600, Jason Dravet wrote:
> > Hello,
> >
> > I am running todays rawhide and udev is still slow, but it is
> better than it
> > was. Here are some numbers:
> > booting with selinux disabled: udev starts in 5 seconds
> > booting with selinux enabled (libselinux-1.27.28-1): udev starts in 26
> > seconds.
> > booting with selinux enabled (older than libselinux-1.27.28-1):
> udev started
> > in 50-60 seconds.
> > I am running udev-075-4, kernel-2.6.14-1-1740,
> libselinux-1.27.28-1, and
> > selinux-policy-targeted-2.0.9-1. I am running selinux in targeted
> enforcing
> > mode.
>
> Hmmm...I'm still not sure I understand why there has been a recent
> slowdown, as I wouldn't have expected either reference policy or the
> matchpathcon canonicalization to have added that much overhead
> (particularly as we were already validating the contexts). From your
> numbers above, it seems that the canonicalization is adding significant
> overhead, since the canonicalization is performed lazily in libselinux
> 1.27.28, but we still have major overhead remaining.
>
> How exactly are you timing the startup time here, e.g. are you just
> inserting a time command prior to the /sbin/start_udev call in
> rc.sysinit or are you timing the entire sequence including the
> Initializing hardware setup?
>
> udev could/should be changed to call matchpathcon_init_prefix(NULL,
> "/dev") once at startup prior to any matchpathcon() calls to avoid the
> overhead of processing the entire file_contexts configuration. But I'd
> like to get more information on where that time is being spent currently
> as well, so I'd like to know exactly how you are measuring so I can
> reproduce it and then try to profile it.
>
> --
> Stephen Smalley
> National Security Agency
>
I am using a stop watch to measure the time. I start the watch when I
see starting udev and I stop it when I see loading default keymap. If
you would like me to use a different method of timing please tell me
how and I will be happy to use it.
Thanks,
Jason
matchpathcon_init_prefix(NULL, "/dev")
has been added to udev, not sure when it will hit rawhide.
--