Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: 'install' command goes "oink!" after recent updates.: msg#00176
|
Subject: |
Re: 'install' command goes "oink!" after recent updates. |
Valdis.Kletnieks@xxxxxx wrote:
coreutils-5.93-4
libsepol-1.9.41-1
libsemanage-1.3.59-1
libsetrans-0.1.8-1
Not sure if this is a coreutils bug or an selinux bug. Recently, I noticed
that a 'make install' that called /usr/bin/install ran *very* slowly:
% time cp hello.c /tmp/hello.c
real 0m0.040s
user 0m0.008s
sys 0m0.016s
% time /usr/bin/install -c -m 644 hello.c /tmp/hello.c
real 0m4.641s
user 0m1.608s
sys 0m0.388s
Literally 100 times slower. Gaak.
A bit of playing with strace showed why:
strace install -c -m 644 hello.c /tmp/hello.c
7,745 system calls. Of those, only 297 were *not* part of the 1,862 times
that 'install' did an open/write/read/close of /selinux/context - once for every
single file context type it found, whether or not it had anything to do with
the file that was actually being installed.
This is a show-stopper guys - when something like this bloats a 'make install'
from something that takes 2 minute into something that you don't bother checking
until you get back from lunch, it *will* add dramatically to the "security takes
waaaay too much resources" bandwagon.
Almost-full strace follows.
execve("/usr/bin/install", ["install", "-c", "-m", "644", "hello.c",
"/tmp/hello.c"], [/* 56 vars */]) = 0
brk(0) = 0x805a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f16000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=72776, ...}) = 0
mmap2(NULL, 72776, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f04000
close(3) = 0
open("/usr/lib/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\23"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=24996, ...}) = 0
mmap2(NULL, 27832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7efd000
mmap2(0xb7f03000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7f03000
close(3) = 0
open("/lib/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`2\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=83848, ...}) = 0
mmap2(NULL, 85008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7ee8000
mmap2(0xb7efc000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb7efc000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0ZW\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1460028, ...}) = 0
mmap2(NULL, 1227740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7dbc000
mmap2(0xb7ee2000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x125) = 0xb7ee2000
mmap2(0xb7ee6000, 7132, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ee6000
close(3) = 0
open("/usr/lib/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\v\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=32990, ...}) = 0
mmap2(NULL, 15376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7db8000
mmap2(0xb7dbb000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb7dbb000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\f\0\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=13892, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7db7000
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7db3000
mmap2(0xb7db5000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7db5000
close(3) = 0
open("/lib/libsepol.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200#\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=204168, ...}) = 0
mmap2(NULL, 249380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7d76000
mmap2(0xb7da8000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x31) = 0xb7da8000
mmap2(0xb7da9000, 40484, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7da9000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7d75000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7d756b0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0xb7db5000, 4096, PROT_READ) = 0
mprotect(0xb7ee2000, 8192, PROT_READ) = 0
mprotect(0xb7f30000, 4096, PROT_READ) = 0
munmap(0xb7f04000, 72776) = 0
access("/etc/selinux/", F_OK) = 0
brk(0) = 0x805a000
brk(0x807b000) = 0x807b000
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=71, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f15000
read(3, "# Stray comment\nSELINUX=permissi"..., 4096) = 71
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f15000, 4096) = 0
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f15000
read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 1024
close(3) = 0
munmap(0xb7f15000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=72776, ...}) = 0
mmap2(NULL, 72776, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f04000
close(3) = 0
open("/lib/libsetrans.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\n\0\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=6804, ...}) = 0
mmap2(NULL, 9680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7d72000
mmap2(0xb7d74000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7d74000
close(3) = 0
munmap(0xb7f04000, 72776) = 0
open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
read(3, "1", 19) = 1
close(3) = 0
open("/etc/selinux/strict/setrans.conf", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=594, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f15000
read(3, "#\n# Multi-Category Security tran"..., 4096) = 594
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f15000, 4096) = 0
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 305
open("/proc/self/attr/current", O_RDONLY|O_LARGEFILE) = 4
read(4, "valdis:staff_r:staff_t:s0-s0:c0."..., 4095) = 37
close(4) = 0
close(3) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=54054656, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7b72000
mmap2(NULL, 204800, PROT_READ, MAP_PRIVATE, 3, 0x121f) = 0xb7b40000
mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0x2b89) = 0xb7b3f000
close(3) = 0
geteuid32() = 967
umask(0) = 022
stat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
stat64("hello.c", {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
stat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
unlink("/tmp/hello.c") = 0
open("hello.c", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
open("/tmp/hello.c", O_WRONLY|O_CREAT|O_LARGEFILE, 0100664) = 4
fstat64(4, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0664, st_size=35, ...}) = 0
read(3, "main() {printf(\"Hello world!\\n\")"..., 4096) = 35
write(4, "main() {printf(\"Hello world!\\n\")"..., 35) = 35
read(3, "", 4096) = 0
close(4) = 0
close(3) = 0
setxattr("/tmp/hello.c", "system.posix_acl_access",
"\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x00\x00\xff\xff\xff\xff
\x00\x00\x00\xff\xff\xff\xff", 28, 0) = -1 EOPNOTSUPP (Operation not supported)
chmod("/tmp/hello.c", 0600) = 0
chown32("/tmp/hello.c", -1, -1) = 0
chmod("/tmp/hello.c", 0644) = 0
lstat64("/tmp/hello.c", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3
read(3, "1", 19) = 1
close(3) = 0
open("/etc/selinux/strict/contexts/files/file_contexts", O_RDONLY|O_LARGEFILE)
= 3
open("/etc/selinux/strict/contexts/files/file_contexts.homedirs",
O_RDONLY|O_LARGEFILE) = 4
open("/etc/selinux/strict/contexts/files/file_contexts.local",
O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
fstat64(3, {st_mode=S_IFREG|0644, st_size=114044, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7b3e000
read(3, "# Distro-specific customizations"..., 4096) = 4096
read(3, "b[^/]*\\.so(\\.[^/]*)* --\tsystem_u"..., 4096) = 4096
read(3, "ovable device...\n/dev/pd[a-d][^/"..., 4096) = 4096
read(3, "r:bin_t:s0\n/opt(/.*)?/sbin(/.*)?"..., 4096) = 4096
read(3, "*)?\tsystem_u:object_r:man_t:s0\n/"..., 4096) = 4096
read(3, "/usr/sbin/accton\t--\tsystem_u:obj"..., 4096) = 4096
read(3, "-\tsystem_u:object_r:amanda_user_"..., 4096) = 4096
read(3, "\n/var/run/\\.?acpid\\.socket\t-s\tsy"..., 4096) = 4096
read(3, "ject_r:comsat_exec_t:s0\n# consol"..., 4096) = 4096
read(3, "r:bin_t:s0\n/usr/lib(64)?/cups/cg"..., 4096) = 4096
read(3, "larm-notify.*\t--\tsystem_u:object"..., 4096) = 4096
read(3, "object_r:xferlog_t:s0\n/var/log/x"..., 4096) = 4096
read(3, "usr/lib/gnupg/.*\t--\tsystem_u:obj"..., 4096) = 4096
read(3, "_t:s0\n/etc/init\\.d/.*\t\t--\tsystem"..., 4096) = 4096
read(3, "tem_u:object_r:innd_exec_t:s0\n# "..., 4096) = 4096
read(3, "--\tsystem_u:object_r:load_policy"..., 4096) = 4096
read(3, "ct_r:lvm_exec_t:s0\n/sbin/vgscan\t"..., 4096) = 4096
read(3, "luggerrc system_u:object_r:mozil"..., 4096) = 4096
read(3, "\t\tsystem_u:object_r:ntpd_log_t:s"..., 4096) = 4096
read(3, "\n/usr/sbin/postqueue\t--\tsystem_u"..., 4096) = 4096
read(3, "voxy(/.*)?\t\tsystem_u:object_r:pr"..., 4096) = 4096
read(3, "_u:object_r:samba_log_t:s0\n/var/"..., 4096) = 4096
read(3, "var_run_t:s0\n/var/run/snmpd\t\t-d\t"..., 4096) = 4096
read(3, "ct_r:traceroute_exec_t:s0\n/usr/b"..., 4096) = 4096
read(3, ":s0\n#/usr/local/vmware/[^/]*/.*\\"..., 4096) = 4096
read(3, "on\n/usr/sbin/zebra\t\t--\tsystem_u:"..., 4096) = 4096
read(3, "tem_u:object_r:bin_t:s0\n/emul/ia"..., 4096) = 4096
read(3, "r:texrel_shlib_t:s0\n/usr/lib/lad"..., 4096) = 3452
read(3, "", 4096) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=9381, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7b3d000
read(4, "\n#\n#\n# User-specific file contex"..., 4096) = 4096
read(4, "onts.cache-.*\t--\troot:object_r:s"..., 4096) = 4096
read(4, "me_t:s0\n/home/valdis/\\.screenrc\t"..., 4096) = 1189
read(4, "", 4096) = 0
_llseek(3, 0, [0], SEEK_SET) = 0
_llseek(4, 0, [0], SEEK_SET) = 0
read(3, "# Distro-specific customizations"..., 4096) = 4096
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "system_u:object_r:default_t:s0\0", 31) = 31
read(5, "system_u:object_r:default_t:s0\0", 4095) = 31
close(5) = 0
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "system_u:object_r:root_t:s0\0", 28) = 28
read(5, "system_u:object_r:root_t:s0\0", 4095) = 28
close(5) = 0
(1,858 iterations of open/write/read/close deleted)
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "valdis:object_r:staff_orbit_tmp_"..., 37) = 37
read(5, "valdis:object_r:staff_orbit_tmp_"..., 4095) = 37
close(5) = 0
open("/selinux/context", O_RDWR|O_LARGEFILE) = 5
write(5, "valdis:object_r:staff_orbit_tmp_"..., 37) = 37
read(5, "valdis:object_r:staff_orbit_tmp_"..., 4095) = 37
close(5) = 0
close(3) = 0
munmap(0xb7b3e000, 4096) = 0
close(4) = 0
munmap(0xb7b3d000, 4096) = 0
brk(0x863e000) = 0x863e000
close(1) = 0
munmap(0xb7d72000, 9680) = 0
exit_group(0) = ?
Process 17917 detached
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Sounds like that is probably the udev problem also.
--
|
| |
