On Monday 22 January 2007 10:13, Stephen Smalley wrote:
>On Sun, 2007-01-21 at 17:11 -0500, Gene Heskett wrote:
>> On Sunday 21 January 2007 14:36, Lyvim Xaphir wrote:
>> >On Sun, 2007-01-21 at 01:14 -0500, R. G. Newbury wrote:
>> >> David Boles wrote:
>>
>> [and I snipped, we have enough trolls under this bridge already]
>>
>> Also, to add a bit of fuel to the fire, I just rebuilt my 2.6.20-rc4
>> again after having found some more selinux stuff in the previous build
>> that I am now running without.
>>
>> 1: Now my logs are clean again.
>>
>> 2: It took me 27 minutes to build that selinux free kernel. Now check
>> this, after having added quite a few usb network related modules as
>> I'm trying to get into a wap11 via the usb port, which will allow me
>> to do a reset to factory, something I cannot do from the snmp
>> interface because that interface requires the old password, something
>> I've forgotten in the 8 months since I last used this device.
>>
>> #> time ./makeit
>> [snip about 200k of make output]
>> All done! Edit grub.conf, reboot and chose your kernel at the grub
>> prompt
>>
>> real 8m42.183s
>> user 4m21.606s
>> sys 1m11.805s
>> [root@coyote linux-2.6.20-rc4]#
>>
>> Now, I could have done something to speed this system up that's not
>> related to selinux, but the only things I've done is to rip out the
>> livna versions of mplayer and mplayerplugin with --nodeps, and put
>> them back in from dries before they were missed, and then restart
>> firefox from its own file menu pulldown, (normal quits and re-runs
>> didn't seem to do it) and now both foxnews and cnn videos now play,
>> although cnn's videos act like the server is in need of quite a bit
>> more iron in its diet.
>>
>> Now, somebody, preferably Dr. Smalley, please explain to me why I
>> should run something that takes a 9 minute compile and makes it take
>> 27 minutes to do it. And the rest of the system just plain feels
>> snappier.
>
>(1) I'm not a PhD.

Oh, I guess I was echoing someone else who made that assumption.

>(2) If SELinux tripled your kernel compile time, then something is
>terribly wrong with it. I've never seen that kind of overhead in kernel
>compile benchmarks, not even close. More like a few percent. Please
>verify that you are using comparable baselines (e.g. same kernel other
>than selinux options in .config)

The first version of this kernel, 2.6.20-rc4, was a clean build, but apparently with pretty close to an allyes config, and no idea how that happened. That took 37 minutes on an XP2800 Athlon with a gig of ram.

The next build, I had gone about halfway down the make xconfig menu canceling stuff I knew I didn't need or my mobo didn't support. That took 33 minutes to build.

The third time I'd gone through it specifically looking for selinux related stuff and turning it off. It was at that point my logs started being flooded with those messages I posted, but I found that one of the selinux related things in services was still being run so I stopped that and the messages went away. That was audit probably but don't make me lay a hand on the good book when I say it, too much is going on. There was a concurrent edit to the crond script in /etc/pam.d also. That build took 27 minutes.

Then the 4th time I was trying to get access to a wap11 through its usb port so I could reset the password and a few other things & maybe put it back to use. So that build actually built more modules than the 3rd one, (BTW, that didn't work, and no one answered my question about it here on this list. I still had to plug it into my lappy and run the winderz crap to do that. Gives me the hives.) This is the build that took a bit less than 9 minutes. To me the major diff there is that this was the first kernel built with a kernel built without as much selinux as I could turn off, and rebooted to with an 'selinux=0' as an additional argument in the grub kernel command line.

>and tests (are you sure your second
>build was from a clean state, and was there any other system activity
>ongoing during either build?). Can you reproduce the result reliably?

I believe I could reboot to 2.6.20-rc3, start all the stopped services and then rebuild this kernel I suppose. Seems like a waste of time though.

As for 'system activity', fetchmail, procmail, spamassassin were all running, and I may have had a session of patience (solitaire) running, or browsing the web. Or all of the above, linux does multitask you know. :)

I am using ccache though, and its du -b indicates it's using about 1.5GB. My makeit script does a make clean at the top of it. It does everything but edit grub.conf for me, and maintains the old kernel and initrd & /lib/modules/$VER in a state that a foobar fix is a matter of deleting the new stuff and renaming the old to its original names.

>Were any audit/avc messages generated during either build,
>to /var/log/messages or /var/log/audit/audit.log (if running auditd)?

Apparently not for the last build.

>--
>Stephen Smalley
>National Security Agency

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2007 by Maurice Eugene Heskett, all rights reserved.