Bug 174557

Summary: Starting udev slow with SELinux enabled
Product: [Fedora] Fedora Reporter: Bojan Smojver <bojan>
Component: libselinuxAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-12-07 21:01:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch for selinux-policy
none
Patch for selinux-policy none

Description Bojan Smojver 2005-11-29 23:53:30 UTC 
Description of problem:
During boot, and with SELinux targeted enabled (permissive or enforcing, same
effect) the "Starting udev" phase takes about a minute. When SELinux is
disabled, the system boots up as normal. Relabelling the system does not help.


Version-Release number of selected component (if applicable):
2.0.6-1

How reproducible:
Always.


Steps to Reproduce:
1. Enable SELinux targeted, either permissive or enforcing.
2. Boot.
  
Actual results:
Starting udev takes about a minute to finish.

Expected results:
It should take slightly longer with SELinux, but not that long.

Additional info:
https://www.redhat.com/archives/fedora-devel-list/2005-November/msg00940.html
https://www.redhat.com/archives/fedora-devel-list/2005-November/msg00908.html
https://www.redhat.com/archives/fedora-devel-list/2005-November/msg00492.html
Comment 1 Harald Hoyer 2005-12-01 08:13:43 UTC 
Created attachment 121667 [details]
Patch for selinux-policy

Reflects the file changes in the udev package. Does not improve the boot speed.
Comment 2 Harald Hoyer 2005-12-01 08:20:06 UTC 
Created attachment 121668 [details]
Patch for selinux-policy

Reflects the file changes in the udev package. Does not improve the boot speed.
Comment 3 Harald Hoyer 2005-12-01 08:23:38 UTC 
I am currently profiling udevd for more information.
Comment 4 Kay Sievers 2005-12-02 05:08:16 UTC 
Seems the selinux support in udev itself is the reason for the slowness. I
traced the latest version with and without selinux support compiled in and get a
5-6 times longer runtime for a single process invocation. Most of the time is
spent in hundreds of calls like:
  05:46:53.013819 open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
  05:46:53.014061 write(5, "system_u:object_r:innd_exec_t:s0\0", 33) = 33
  05:46:53.014280 read(5, "system_u:object_r:innd_exec_t:s0\0", 4095) = 33

It's probably the initialization of every udev event process again and again.
Can't you guys do the selinux_init() once in the damon _before_ the events are
forked? Can the initilized state be inherited from the forked child? Remember
udev does not do a exec(), only a fork() and the event runs the same memory
image as the daemon itself, to get the already parsed rules from the daemon.
Comment 5 Harald Hoyer 2005-12-02 09:01:27 UTC 
this is matchpathcon_init() and matchpathcon()
Comment 6 Harald Hoyer 2005-12-02 09:24:39 UTC 
hmm, libselinux-1.27.28 seems to improve things a "little" bit...
Comment 7 Bojan Smojver 2005-12-07 19:05:52 UTC 
Today's udev (076-1) and selinux-policy-targeted (2.0.11-1) seem to have solved
this one. At least on my box. The "Starting udev" and "Initializing hardware"
together, now take less than 10 seconds.