Issue #1702 has been updated by luke.
Just to be clear, this patch fixes all of the speed issues with selinux? Because at this point, it sounds like the selinux support is having a drastic impact on everyone, even those who aren't using selinux. If it's going to have any kind of significant performance impact, I'd prefer removing all of the selinux code until it can be shown to be efficient. I'd rather put out a 0.24.7 release with no selinux support than delay 0.24.7 a month to get faster support. ---------------------------------------- Bug #1702: SELinux code inefficiently makes syscalls to stat and matchpathcon http://projects.reductivelabs.com/issues/show/1702 Author: ohookins Status: Ready for Testing Priority: Normal Assigned to: seanmil Category: file Target version: 0.24.7 Complexity: Unknown Affected version: 0.24.6 Keywords: <pre> debug: /File[/var/lib/puppet/clientbucket]/seluser: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/seluser: Found seluser default 'system_u' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/selrole: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/selrole: Found selrole default 'object_r' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/seltype: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/seltype: Found seltype default 'var_lib_t' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/selrange: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/selrange: Found selrange default '' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/seluser: Executing '/usr/bin/stat -c %C /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/selrole: Executing '/usr/bin/stat -c %C /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/seltype: Executing '/usr/bin/stat -c %C /var/lib/puppet/clientbucket' </pre> The SELinux user, role and type is outputted from one invocation of either stat or matchpathcon: <pre> [EMAIL PROTECTED] ~]# /usr/bin/stat -c %C /var/lib/puppet/clientbucket system_u:object_r:var_lib_t [EMAIL PROTECTED] ~]# /usr/sbin/matchpathcon /var/lib/puppet/clientbucket /var/lib/puppet/clientbucket system_u:object_r:var_lib_t </pre> When the number of files that puppet has to touch grows significantly, the amount of syscalls it is making on behalf of SELinux operations is growing a lot more (albeit, only linearly). These are only two examples but I think given the number of larger installations it is wise to think about the performance impact of running Puppet. I have noticed a significant increase in load on my clients after upgrading to 0.24.6 which has a lot more SELinux support. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
