As we develop SELinux we are adding new labels to homedir content

Lennart Poettering mzerqung at 0pointer.de
Fri Jun 1 13:36:06 UTC 2012


On Fri, 01.06.12 09:13, Daniel J Walsh (dwalsh at redhat.com) wrote:

> > (I wouldn't care too much about homedirs outside of /home. A note in the 
> > release notes for such cases should suffice)
> > 
> > Lennart
> > 
> 
> Well it is slow in the same sense as find /home would be slow, restorecon is
> using fts or ntfs to walk the file system and reads in the SELinux Context
> (getxattr), asks SELinux what it should be labeled (matchpathcon), does a
> compare, if they are different, does a setxattr on the inode.  Depends on the
> number of inodes in the /home dir.
> 
> You could time it doing a restorecon -R -v /home right now, my system which
> has piled up a ton of crap and exploded development pools takes nearly 2 minutes.
> 
> time restorecon -R  /home
> 
> real	1m42.677s
> user	0m41.747s
> sys	0m39.888s
> 
> 
> If you had Huge file systems it could take a large amount of time.

On my system here (with SSD) this appears to be CPU bound, not IO
bound. Hence optimizing this to be fully parallelized might be worth a
try?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
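
The relabel loop described in the quoted message (walk the tree, getxattr, look up the expected label, compare), written as a read-only audit that counts how many inodes a relabel would touch. This is an added example, not code from the thread or from restorecon. Assumptions: the RULES table is constructed and stands in for the policy's file_contexts, the whole context string is compared as a simplification, and `policy_root` and `reader` are hypothetical parameters.

```python
import os
import re

# Constructed rules standing in for the policy's file_contexts (assumption).
RULES = [
    (re.compile(r"^/home/[^/]+/\.ssh(/.*)?$"), "unconfined_u:object_r:ssh_home_t:s0"),
    (re.compile(r"^/home/[^/]+(/.*)?$"), "unconfined_u:object_r:user_home_t:s0"),
]

def expected_context(path):
    """Simplified stand-in for matchpathcon(): first matching rule wins."""
    for pattern, context in RULES:
        if pattern.match(path):
            return context
    return None  # no rule: leave the inode alone

def read_context(path):
    """The getxattr step: read security.selinux without following symlinks."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except (OSError, AttributeError):  # unlabeled, or no xattr support
        return None
    return raw.rstrip(b"\0").decode()

def audit(root, policy_root=None, reader=read_context):
    """Walk root and return (inodes_visited, [(path, current, expected)]).

    policy_root (hypothetical parameter) is the path the rules see in place
    of root, so a copy of /home can be checked from another location.
    """
    policy_root = policy_root or root
    visited, mismatches = 0, []
    for dirpath, dirnames, filenames in os.walk(root):
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for real in [dirpath] + [os.path.join(dirpath, n) for n in filenames + links]:
            visited += 1
            logical = policy_root + real[len(root):]
            want = expected_context(logical)
            have = reader(real)
            if want is not None and have != want:  # the compare step
                mismatches.append((logical, have, want))  # restorecon would setxattr here
    return visited, mismatches

if __name__ == "__main__":
    count, diffs = audit("/home")
    print(f"{count} inodes visited, {len(diffs)} would be relabeled")
```
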

