I've attached a patch for selinux/module/selinux_plug/psid.c that fixes an oversight that was causing significant performance degradation on file creation and file relabeling operations. To apply this patch, save it to psid.patch, change to the selinux directory and run 'patch -p1 < psid.patch'. This patch will be included in the next release.
If you're not interested in the explanation for the patch, you can stop reading this message now and just apply the patch.
First, some background for the patch, starting with some information already provided in the selinux/CHANGES file. Since LSM provides all of its file-related hooks in the VFS layer and does not provide any low-level filesystem-specific hooks, the SELinux persistent label mapping was changed to maintain the inode-to-PSID mapping in a regular file rather than using a spare field in the ext2 on-disk inode. This change should allow SELinux to support other file system types more easily, but has disadvantages in terms of performance and consistency. This was the approach used in the Flask prototype, and it is also used by some other systems in order to avoid any dependency on the particular file system type. Naturally, if support for extended attributes becomes integrated into the mainstream Linux kernel, SELinux will be modified to take advantage of it when possible.
The original SELinux persistent label mapping already maintained two mapping files in each file system: the first file is indexed by PSID and stores an (offset, length) pair into the second file, which stores the actual security contexts. Synchronous writes are used to update these two files and the writes are ordered to ensure that there are no dangling references to a context or to a PSID. But these two files are only updated when a new security context is first used for a file in a file system, so such writes are rare after the initial labeling of the file system. Since the PSID was originally stored in the on-disk ext2 inode, updating the PSID in the on-disk inode was handled asynchronously like any other update to the inode.
When the inode-to-PSID mapping file was added for the LSM-based prototype, it also happened to be opened with O_SYNC like the other mapping files. Consequently, updating the PSID for an inode suddenly required a synchronous write. Naturally, this makes the file creation and file relabeling operations much more expensive. The attached patch simply changes the persistent labeling implementation to _not_ use O_SYNC for the inode-to-PSID mapping file. Thus, updating the PSID for an inode is once again asynchronous, although it is unfortunately no longer coupled with updating the rest of the inode state. Hopefully, this will all be made moot once support for extended attributes becomes mainstream.
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
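The following is an added example, not code from the SELinux tree or from the author of the message. It models the three mapping files the explanation above describes (a contexts file, a PSID index file of (offset, length) pairs, and an inode-to-PSID file) as ordinary files under a temporary directory, so the two points of the message are visible in code: the context and index files are opened with O_SYNC and written in an order that can never leave a dangling reference, while the inode-to-PSID file, which is written on every file creation and relabel, is deliberately left asynchronous. All file names, structure layouts and function names here are constructed for illustration; the real on-disk formats are not shown on the page.

```c
/* Added example (not SELinux code): a toy model of the PSID mapping files.
 * Layout, names and the /tmp directory are constructed for illustration. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct psid_entry { uint32_t offset, len; };   /* index file record */

struct psid_map {
    int contexts_fd;  /* O_SYNC: appended once per new context */
    int index_fd;     /* O_SYNC: one psid_entry per PSID */
    int inodes_fd;    /* no O_SYNC: one uint32_t PSID per inode number */
    uint32_t npsids;
};

static int open_in(const char *dir, const char *name, int extra)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_RDWR | O_CREAT | extra, 0600);
}

/* Open (creating if needed) the three mapping files under dir. */
int psid_map_open(struct psid_map *m, const char *dir)
{
    m->contexts_fd = open_in(dir, "contexts", O_SYNC);
    m->index_fd = open_in(dir, "index", O_SYNC);
    m->inodes_fd = open_in(dir, "inodes", 0);
    if (m->contexts_fd < 0 || m->index_fd < 0 || m->inodes_fd < 0)
        return -1;
    m->npsids = (uint32_t)(lseek(m->index_fd, 0, SEEK_END) / sizeof(struct psid_entry));
    return 0;
}

/* Copy the context string of a PSID into buf; returns its length or -1. */
int psid_context(struct psid_map *m, uint32_t psid, char *buf, size_t buflen)
{
    struct psid_entry e;
    if (psid >= m->npsids ||
        pread(m->index_fd, &e, sizeof e, (off_t)psid * sizeof e) != (ssize_t)sizeof e ||
        (size_t)e.len + 1 > buflen ||
        pread(m->contexts_fd, buf, e.len, e.offset) != (ssize_t)e.len)
        return -1;
    buf[e.len] = '\0';
    return (int)e.len;
}

/* Return the PSID for a context, allocating one on first use.  The context
 * bytes are written (synchronously) before the index entry that refers to
 * them, so a crash cannot leave an index entry pointing at missing data. */
int psid_for_context(struct psid_map *m, const char *ctx)
{
    char buf[256];
    for (uint32_t p = 0; p < m->npsids; p++)
        if (psid_context(m, p, buf, sizeof buf) >= 0 && strcmp(buf, ctx) == 0)
            return (int)p;
    struct psid_entry e;
    e.len = (uint32_t)strlen(ctx);
    e.offset = (uint32_t)lseek(m->contexts_fd, 0, SEEK_END);
    if (write(m->contexts_fd, ctx, e.len) != (ssize_t)e.len)
        return -1;
    if (pwrite(m->index_fd, &e, sizeof e, (off_t)m->npsids * sizeof e) != (ssize_t)sizeof e)
        return -1;
    return (int)m->npsids++;
}

/* Hot path on file creation and relabeling: no O_SYNC, the write is left
 * to the page cache like any other inode update. */
int inode_set_psid(struct psid_map *m, uint32_t ino, uint32_t psid)
{
    if (psid >= m->npsids)
        return -1;
    return pwrite(m->inodes_fd, &psid, sizeof psid, (off_t)ino * sizeof psid)
           == (ssize_t)sizeof psid ? 0 : -1;
}

int inode_get_psid(struct psid_map *m, uint32_t ino)
{
    uint32_t psid;
    if (pread(m->inodes_fd, &psid, sizeof psid, (off_t)ino * sizeof psid) != (ssize_t)sizeof psid
        || psid >= m->npsids)
        return -1;
    return (int)psid;
}

/* Build a map in a fresh temp dir, label inode 42, and resolve it back.
 * Returns the PSID of inode 42 and leaves its context in ctxout. */
int psid_demo(char *ctxout, size_t ctxlen)
{
    char dir[] = "/tmp/psidmapXXXXXX";          /* constructed location */
    struct psid_map m;
    if (!mkdtemp(dir) || psid_map_open(&m, dir) < 0)
        return -1;
    int a = psid_for_context(&m, "system_u:object_r:etc_t");
    int b = psid_for_context(&m, "system_u:object_r:bin_t");
    if (a != 0 || b != 1 || psid_for_context(&m, "system_u:object_r:etc_t") != a)
        return -1;
    if (inode_set_psid(&m, 42, (uint32_t)b) < 0)
        return -1;
    int got = inode_get_psid(&m, 42);
    return psid_context(&m, (uint32_t)got, ctxout, ctxlen) < 0 ? -1 : got;
}

int main(void)
{
    char ctx[256];
    int psid = psid_demo(ctx, sizeof ctx);
    printf("inode 42 -> PSID %d -> %s\n", psid, ctx);
    return psid < 0;
}
```

The write ordering in psid_for_context is the part that matters for consistency: with both descriptors opened O_SYNC, the index entry is only written once the context it points at is already on disk. inode_set_psid has no such dependency (it only stores a small integer that the index already covers), which is why it can give up O_SYNC without creating dangling references; what it cannot do, as the message notes, is stay coupled to the rest of the inode's own write-back.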
Index: selinux/module/selinux_plug/psid.c
diff -u selinux/module/selinux_plug/psid.c:1.7 selinux/module/selinux_plug/psid.c:1.8
--- selinux/module/selinux_plug/psid.c:1.7 Tue Aug 7 09:17:34 2001
+++ selinux/module/selinux_plug/psid.c Fri Aug 31 09:06:38 2001
@@ -507,7 +507,9 @@
/* "Open" the file and set it for synchronous writes */
rc = init_private_file(&t->files[index], file, 3);
- t->files[index].f_flags = O_RDWR | O_SYNC;
+ t->files[index].f_flags = O_RDWR;
+ if (index == PSEC_CONTEXTS || index == PSEC_INDEX)
+ t->files[index].f_flags |= O_SYNC;
if (rc) {
printk("psidfiles_init: init_private_file returned %d\n", -rc);
goto bad_file;
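Review bot: the comment just above this hunk, `/* "Open" the file and set it for synchronous writes */`, is now stale, since after the change only the PSEC_CONTEXTS and PSEC_INDEX files get O_SYNC and the inode mapping file is opened O_RDWR only; suggest rewording it to something like `/* "Open" the file; only the context and index files are opened for synchronous writes */` so a later reader does not assume every mapping file is O_SYNC. Separately, the f_flags assignment still happens before `if (rc)` checks the result of init_private_file; moving the flag setup below the rc check would avoid touching t->files[index] when the open failed.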
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT