Bug 426942 - Big time to start or stop cyphesis service
Big time to start or stop cyphesis service
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: cyphesis (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Wart
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-28 12:31 EST by Alexey Torkhov
Modified: 2008-07-26 02:06 EDT (History)
0 users

See Also:
Fixed In Version: 0.5.15-8.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-14 00:20:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Alexey Torkhov 2007-12-28 12:31:52 EST
Description of problem:
Time to start or stop cyphesis service is too big. I think it's because of
semanage which is running on every start. Is it possible to do start/stop
without it? I don't see any other service which do semanage ports. 

Version-Release number of selected component (if applicable):
cyphesis-0.5.15-3.fc8
Comment 1 Wart 2007-12-28 12:37:15 EST
The only way to get rid of the semanage calls in the init script is to move the
cyphesis selinux policy to the main selinux policy package.  I'll file a request
with the selinux policy maintainer to add it.
Comment 2 Alexey Torkhov 2007-12-28 12:57:59 EST
Ah, I see. But that way it'll be hard to update policy.

I thought that policies that are modified with semanage are preserved between
restarts. Could it be runned only at install and uninstall time?
Comment 3 Wart 2007-12-28 14:05:19 EST
(In reply to comment #2)
> Ah, I see. But that way it'll be hard to update policy.

Right.

> I thought that policies that are modified with semanage are preserved between
> restarts.

Yes, they are.

> Could it be runned only at install and uninstall time?

The problem is the corner case where someone installs cyphesis-selinux with
selinux disabled, then enables selinux.  With selinux disabled, the calls to
semanage at install time will fail and the ports won't get defined.  Once the
user turns selinux back on, the ports will not be defined and cyphesis will fail
to start because the ports will be blocked.

I see two choices here:

* Live with the longer startup time
* Move the selinux policy to the main selinux policy package, and live with the
fact that updates may take a little longer
Comment 4 Alexey Torkhov 2007-12-28 14:26:21 EST
Well, cyphesis selinux policy isn't changing often. I think, if it solve long
startup time problem, it can be moved to main selinux policy package.
Comment 5 Wart 2008-04-07 01:12:48 EDT
The cyphesis port definitions that cause the slow startup time have moved to the
main selinux-policy package for F-9. I'll close this bug as soon as I verify
that the policy works.
Comment 6 Alexey Torkhov 2008-04-07 10:02:26 EDT
I've reported bug#441272 about selinux error in current version.
Comment 7 Wart 2008-06-06 13:40:22 EDT
Updating version to F9, as the selinux policy is not merged into the main
selinux-policy package in F8.
Comment 8 Fedora Update System 2008-06-06 13:41:34 EDT
cyphesis-0.5.15-7.fc9 has been submitted as an update for Fedora 9
Comment 9 Alexey Torkhov 2008-06-06 14:16:30 EDT
I checked new package - cyphesis-0.5.15-init.patch should be removed as it is
not needed any more.
Comment 10 Wart 2008-06-06 16:53:02 EDT
My bad.  I forgot to merge the patch from rawhide.  Expect a new build soon...
Comment 11 Wart 2008-06-06 22:37:35 EDT
New build with the updated init script: 
http://koji.fedoraproject.org/koji/buildinfo?buildID=51975
Comment 12 Fedora Update System 2008-06-09 23:12:30 EDT
cyphesis-0.5.15-8.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update cyphesis'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5107
Comment 13 Fedora Update System 2008-06-14 00:20:12 EDT
cyphesis-0.5.15-8.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2008-07-26 02:06:22 EDT
cyphesis-0.5.15-8.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.