seinfo is got significantly slower because of the fix for issue #17

Question

seinfo is got significantly slower because of the fix for issue #17

vmojzis opened this issue 6 years ago · 1 comments

setools 4.2.0
=====
# time sesearch --allow -s realmd_t -t authconfig_t -c process -p transition
allow realmd_t authconfig_t:process transition;

real	0m3.712s
user	0m3.576s
sys	0m0.102s

setools 4.2.1
=====
# time sesearch --allow -s realmd_t -t authconfig_t -c process -p transition
allow realmd_t authconfig_t:process transition;

real	0m8.143s
user	0m7.762s
sys	0m0.265s

In case of seinfo the difference is even larger:

4.2.0
=====
# time seinfo -tcluster_t -x

Types: 1
   type cluster_t alias { corosync_t aisexec_t rgmanager_t pacemaker_t }, can_read_shadow_passwords, can_write_shadow_passwords, can_relabelto_shadow_passwords, nsswitch_domain, can_change_object_identity, can_load_kernmodule, can_load_policy, can_setbool, can_setenforce, can_setsecparam, corenet_unconfined_type, corenet_unlabeled_type, devices_unconfined_type, domain, files_unconfined_type, filesystem_unconfined_type, fixed_disk_raw_read, kern_unconfined, kernel_system_state_reader, named_filetrans_domain, netlabel_peer_type, process_uncond_exempt, selinux_unconfined_type, storage_unconfined_type, unconfined_domain_type, dbusd_unconfined, initrc_transition_domain, daemon, initrc_domain, syslog_client_type, sepgsql_unconfined_type, cluster_domain, can_relabelto_binary_policy, userdom_filetrans_type, virsh_transition_domain, x_domain, xserver_unconfined_type;

real	0m0.530s
user	0m0.357s
sys	0m0.158s
#

4.2.1
=====
# time seinfo -tcluster_t -x

Types: 1
   type cluster_t alias { corosync_t aisexec_t rgmanager_t pacemaker_t }, can_read_shadow_passwords, can_write_shadow_passwords, can_relabelto_shadow_passwords, nsswitch_domain, can_change_object_identity, can_load_kernmodule, can_load_policy, can_setbool, can_setenforce, can_setsecparam, corenet_unconfined_type, corenet_unlabeled_type, devices_unconfined_type, domain, files_unconfined_type, filesystem_unconfined_type, fixed_disk_raw_read, kern_unconfined, kernel_system_state_reader, named_filetrans_domain, netlabel_peer_type, process_uncond_exempt, selinux_unconfined_type, storage_unconfined_type, unconfined_domain_type, dbusd_unconfined, initrc_transition_domain, daemon, initrc_domain, syslog_client_type, sepgsql_unconfined_type, cluster_domain, can_relabelto_binary_policy, userdom_filetrans_type, virsh_transition_domain, x_domain, xserver_unconfined_type;

real	0m6.080s
user	0m5.747s
sys	0m0.253s

Testing of setools 4.2.1 without the fixes for issue #17 showed similar results to setools 4.2.0 above.

Answer 1 · 2019-04-25T08:09:44.000Z

The performance issue seems to be caused by Type.aliases().

>>> import setools
>>> import cProfile
>>> p = setools.SELinuxPolicy(None)
>>> cProfile.run('[[y for y in x.aliases()] for x in p.types()]')
         19741 function calls in 6.385 seconds

   Ordered by: standard name

   ncalls  tottime  percall  cumtime  percall filename:lineno(function)
     4934    0.005    0.000    0.005    0.000 <string>:1(<listcomp>)
        1    0.000    0.000    6.470    6.470 <string>:1(<module>)
     9868    0.019    0.000    0.019    0.000 weakref.py:395(__getitem__)
        1    0.000    0.000    0.000    0.000 weakref.py:408(__setitem__)
        1    0.000    0.000    6.470    6.470 {built-in method builtins.exec}
     4934    6.361    0.001    6.361    0.001 {method 'aliases' of 'setools.policyrep.Type' objects}
        1    0.000    0.000    0.000    0.000 {method 'disable' of '_lsprof.Profiler' objects}
        1    0.000    0.000    0.000    0.000 {method 'types' of 'setools.policyrep.SELinuxPolicy' objects}