Issue #1702 has been updated by jamtur01. Status changed from Ready for Testing to Closed
Pushed. ---------------------------------------- Bug #1702: SELinux code inefficiently makes syscalls to stat and matchpathcon http://projects.reductivelabs.com/issues/show/1702 Author: ohookins Status: Closed Priority: Normal Assigned to: seanmil Category: file Target version: 0.24.7 Complexity: Unknown Affected version: 0.24.6 Keywords: <pre> debug: /File[/var/lib/puppet/clientbucket]/seluser: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/seluser: Found seluser default 'system_u' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/selrole: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/selrole: Found selrole default 'object_r' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/seltype: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/seltype: Found seltype default 'var_lib_t' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/selrange: Executing '/usr/sbin/matchpathcon /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/selrange: Found selrange default '' for /var/lib/puppet/clientbucket debug: /File[/var/lib/puppet/clientbucket]/seluser: Executing '/usr/bin/stat -c %C /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/selrole: Executing '/usr/bin/stat -c %C /var/lib/puppet/clientbucket' debug: /File[/var/lib/puppet/clientbucket]/seltype: Executing '/usr/bin/stat -c %C /var/lib/puppet/clientbucket' </pre> The SELinux user, role and type is outputted from one invocation of either stat or matchpathcon: <pre> [EMAIL PROTECTED] ~]# /usr/bin/stat -c %C /var/lib/puppet/clientbucket system_u:object_r:var_lib_t [EMAIL PROTECTED] ~]# /usr/sbin/matchpathcon /var/lib/puppet/clientbucket /var/lib/puppet/clientbucket system_u:object_r:var_lib_t </pre> When the number of files that puppet has to touch grows significantly, the amount of syscalls it is making on behalf of SELinux operations is growing a lot more (albeit, only linearly). These are only two examples but I think given the number of larger installations it is wise to think about the performance impact of running Puppet. I have noticed a significant increase in load on my clients after upgrading to 0.24.6 which has a lot more SELinux support. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
