Issue #508: Pulp selinux unecessarily specifies semanage port statements - Pulp

Actions

Send by e-mail Copy link

Issue #508

closed

Pulp selinux unecessarily specifies semanage port statements

Added by bmbouter almost 9 years ago. Updated over 4 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

bmbouter

Category:

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

1. Low

Version:

Master

Platform Release:

2.6.0

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Pulp 2

Sprint:

Quarter:

Description

The largest part of a pulp installation time is the installation of the pulp-selinux package. Of that package, each call to semanage adds significant time. These can be batched into one transaction which should allow all the calls to occur in constant time. Not all calls can be part of the same transaction, but these [0] area a good candidate for consolidation.

[0]: https://github.com/pulp/pulp/blob/228acff740c32acc6f9b0d9bfb722e162bd638aa/server/selinux/server/enable.sh#L30

+ This bug was cloned from Bugzilla Bug #1136919 +

Actions

Copy link

Updated by bmbouter almost 9 years ago

There are three areas where SELinux install/uninstall takes a long time. This BZ only tracks one of those defects.

- The amqp_port_t port checking and asserting [0]. This bug resolves this one.
- The installation of two SELinux modules instead of one takes twice as long [1]. This should be resolved by [2] BZ 1148998.
- The constant re-running of file system labeling with each pulp release. This will be resolved with [3].

[0]: https://github.com/pulp/pulp/blob/553edf38c1e1cd5a3e99bfdcae810c3e9ef39137/server/selinux/server/enable.sh#L37
[1]: https://github.com/pulp/pulp/blob/553edf38c1e1cd5a3e99bfdcae810c3e9ef39137/server/selinux/server/enable.sh#L18
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1148998
[3]: https://bugzilla.redhat.com/show_bug.cgi?id=1145720

+ This comment was cloned from Bugzilla #1136919 comment 1 +

Actions

Copy link