Bug 751736
| Summary: | Slow performance when using Kerberos | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sylvain Baubeau <bob> | |
| Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> | |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 15 | CC: | buzilla.redhat.com, dwalsh, nalin, shuff | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 846472 (view as bug list) | Environment: | ||
| Last Closed: | 2012-08-07 17:27:50 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
|
Description
Sylvain Baubeau
2011-11-07 11:59:56 UTC
Currently we load the label configuration whenever we need to determine the label to give to a file that's about to be created, to ensure that it's labeled correctly. We might be able to cut down on the amount of time that a process spends doing this after it's loaded the file once, but loading the file the first time is still going to be expensive. Dan, is there a cleaner way to speed this up? Well if you are doing it every time, You could specify the prefix path. For example, udev knows that it will only be labeling /dev/... So it tells selinux that it will only be labeling /dev and then only loads the regular expressions that would effect a object in /dev. If we could know that the contents are only in /tmp or /etc/ you could use the prefix. In F15 you can only specify one Prefix, in F16 I believe you can specify multiple. Hmm, at the point where we initialize the labeling handle, we actually know the target path exactly. Will passing it in as a value for a SELABEL_OPT_SUBSET option save us much time? If so, it'd make for a pretty trivial fix. Well then you take the hit every time. If it is a long running process you might want to load all regex, if you come up and execute a signal lookup and exit then using prefixes would be much faster. I think the prefix has to be a directory though. This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX. (Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.) Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version. Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |