This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 174557 - Starting udev slow with SELinux enabled
Starting udev slow with SELinux enabled
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libselinux (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-29 18:53 EST by Bojan Smojver
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-07 16:01:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Patch for selinux-policy (1.64 KB, patch)
2005-12-01 03:13 EST, Harald Hoyer
no flags Details | Diff
Patch for selinux-policy (1.64 KB, patch)
2005-12-01 03:20 EST, Harald Hoyer
no flags Details | Diff

  None (edit)
Description Bojan Smojver 2005-11-29 18:53:30 EST
Description of problem:
During boot, and with SELinux targeted enabled (permissive or enforcing, same
effect) the "Starting udev" phase takes about a minute. When SELinux is
disabled, the system boots up as normal. Relabelling the system does not help.


Version-Release number of selected component (if applicable):
2.0.6-1

How reproducible:
Always.


Steps to Reproduce:
1. Enable SELinux targeted, either permissive or enforcing.
2. Boot.
  
Actual results:
Starting udev takes about a minute to finish.

Expected results:
It should take slightly longer with SELinux, but not that long.

Additional info:
https://www.redhat.com/archives/fedora-devel-list/2005-November/msg00940.html
https://www.redhat.com/archives/fedora-devel-list/2005-November/msg00908.html
https://www.redhat.com/archives/fedora-devel-list/2005-November/msg00492.html
Comment 1 Harald Hoyer 2005-12-01 03:13:43 EST
Created attachment 121667 [details]
Patch for selinux-policy

Reflects the file changes in the udev package. Does not improve the boot speed.
Comment 2 Harald Hoyer 2005-12-01 03:20:06 EST
Created attachment 121668 [details]
Patch for selinux-policy

Reflects the file changes in the udev package. Does not improve the boot speed.
Comment 3 Harald Hoyer 2005-12-01 03:23:38 EST
I am currently profiling udevd for more information.
Comment 4 Kay Sievers 2005-12-02 00:08:16 EST
Seems the selinux support in udev itself is the reason for the slowness. I
traced the latest version with and without selinux support compiled in and get a
5-6 times longer runtime for a single process invocation. Most of the time is
spent in hundreds of calls like:
  05:46:53.013819 open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
  05:46:53.014061 write(5, "system_u:object_r:innd_exec_t:s0\0", 33) = 33
  05:46:53.014280 read(5, "system_u:object_r:innd_exec_t:s0\0", 4095) = 33

It's probably the initialization of every udev event process again and again.
Can't you guys do the selinux_init() once in the damon _before_ the events are
forked? Can the initilized state be inherited from the forked child? Remember
udev does not do a exec(), only a fork() and the event runs the same memory
image as the daemon itself, to get the already parsed rules from the daemon.
Comment 5 Harald Hoyer 2005-12-02 04:01:27 EST
this is matchpathcon_init() and matchpathcon() 
Comment 6 Harald Hoyer 2005-12-02 04:24:39 EST
hmm, libselinux-1.27.28 seems to improve things a "little" bit...
Comment 7 Bojan Smojver 2005-12-07 14:05:52 EST
Today's udev (076-1) and selinux-policy-targeted (2.0.11-1) seem to have solved
this one. At least on my box. The "Starting udev" and "Initializing hardware"
together, now take less than 10 seconds.

Note You need to log in before you can comment on or make changes to this bug.