Diffstat (limited to '0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch')
-rw-r--r--0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch78
1 files changed, 78 insertions, 0 deletions
diff --git a/0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch b/0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch
new file mode 100644
index 0000000..b5bb385
--- /dev/null
+++ b/0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch
@@ -0,0 +1,78 @@
+From 3046af080baad9935627ebb671950448cfd0fa7b Mon Sep 17 00:00:00 2001
+From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
+Date: Wed, 26 Apr 2023 15:59:46 +0300
+Subject: [PATCH] daemon/selinux-relabel: run setfiles with "-T 0", if
+ supported
+
+Since SELinux userspace v3.4 [1], setfiles command supports "-T nthreads"
+option, which allows parallel execution. "-T 0" allows using as many
+threads as there're available CPU cores. This might speed up the process
+of filesystem relabeling in case the appliance is being run with multiple
+vCPUs. The latter is true for at least v2v starting from d2b64ecc67
+("v2v: Set the number of vCPUs to same as host number of pCPUs.").
+
+For instance, when running virt-v2v-in-place on my 12-core Xeon host
+with SSD, with appliance being run with 8 vCPUs (the upper limit specified
+in d2b64ecc67), and on the ~150GiB disk VM (physical size on the host),
+I get the following results:
+
+./in-place/virt-v2v-in-place -i libvirt fedora37-vm -v -x
+
+Without this patch:
+...
+commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
+libguestfs: trace: v2v: selinux_relabel = 0
+libguestfs: trace: v2v: rm_f "/.autorelabel"
+guestfsd: => selinux_relabel (0x1d3) took 17.94 secs
+...
+
+With this patch:
+...
+commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -T 0 -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
+libguestfs: trace: v2v: selinux_relabel = 0
+libguestfs: trace: v2v: rm_f "/.autorelabel"
+guestfsd: => selinux_relabel (0x1d3) took 5.88 secs
+...
+
+So in my scenario it's getting 3 times faster.
+
+[1] https://github.com/SELinuxProject/selinux/releases/tag/3.4
+
+Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit d0d8e6738477148a7b752348f9364a3b8faed67f)
+---
+ daemon/selinux-relabel.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
+index 60a6f48a..cfc5a31d 100644
+--- a/daemon/selinux-relabel.c
++++ b/daemon/selinux-relabel.c
+@@ -73,6 +73,7 @@ do_selinux_relabel (const char *specfile, const char *path,
+ {
+ static int flag_m = -1;
+ static int flag_C = -1;
++ static int flag_T = -1;
+ const char *argv[MAX_ARGS];
+ CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
+ *s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
+@@ -131,6 +132,17 @@ do_selinux_relabel (const char *specfile, const char *path,
+ if (setfiles_has_option (&flag_C, 'C'))
+ ADD_ARG (argv, i, "-C");
+
++ /* If the appliance is being run with multiple vCPUs, running setfiles
++ * in multithreading mode might speeds up the process. Option "-T" was
++ * introduced in SELinux userspace v3.4, and we need to check whether it's
++ * supported. Passing "-T 0" creates as many threads as there're available
++ * vCPU cores.
++ * https://github.com/SELinuxProject/selinux/releases/tag/3.4
++ */
++ if (setfiles_has_option (&flag_T, 'T')) {
++ ADD_ARG (argv, i, "-T"); ADD_ARG (argv, i, "0");
++ }
++
+ /* Relabelling in a chroot. */
+ if (STRNEQ (sysroot, "/")) {
+ ADD_ARG (argv, i, "-r");
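Review bot: The new `-T 0` pair under `setfiles_has_option (&flag_T, 'T')` takes two more slots of `argv[MAX_ARGS]`, and neither the value of MAX_ARGS nor the bounds behaviour of ADD_ARG is visible in these hunks. It is worth confirming that the worst case (every optional flag plus `-r`, `-v`, the `-e` exclusions and the terminating NULL) still fits. The two calls share one line; putting `ADD_ARG (argv, i, "-T");` and `ADD_ARG (argv, i, "0");` on separate lines would match the surrounding style. In the added comment, "might speeds up" should read `might speed up the process`. do_selinux_relabel starts before and continues after the hunks shown.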