import UBI libsemanage-2.9-12.el8_10

SOURCES/0018-libsemanage-improve-performance-of-semanage-store-re.patch

@@ -0,0 +1,68 @@
+From e2f78cfc2917dfbddf2bdda6ba2fcc8c645e6f65 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <lautrbach@redhat.com>
+Date: Tue, 25 Feb 2025 08:55:23 +0100
+Subject: [PATCH] libsemanage: improve performance of semanage store rebuild
+
+Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing restorecon
+") added reopeniong selabel handle every time semanage_setfiles() is
+called. It means that during `semodule -B`, `selabel_close()` and
+`selabel_open()` could be called more than 1800x what could have a
+significant performance impact.
+
+It should be enough to reopen selabel handle just after semanage commit
+when changes are applied.
+
+Before 9d107ab77ba4:
+    semodule -B  5.84s user 0.52s system 96% cpu 6.585 total
+
+After 9d107ab77ba4:
+    semodule -B  11.15s user 0.64s system 98% cpu 11.952 total
+
+With this patch:
+    semodule -B  5.51s user 0.41s system 98% cpu 6.014 total
+
+Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
+Acked-by: Jason Zaman <jason@perfinion.com>
+---
+ libsemanage/src/semanage_store.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 33b950ff..b24065e4 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -1724,6 +1724,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
+ 	    semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
+ 	const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
+ 	struct stat buf;
++	struct selabel_handle *sehandle;
+ 
+ 	/* update the commit number */
+ 	if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
+@@ -1830,6 +1831,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
+ 
+       cleanup:
+ 	semanage_release_active_lock(sh);
++	sehandle = selinux_restorecon_default_handle();
++	selinux_restorecon_set_sehandle(sehandle);
+ 	return retval;
+ }
+ 
+@@ -3023,14 +3026,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
+ void semanage_setfiles(const char *path){
+ 	struct stat sb;
+ 	int fd;
+-	struct selabel_handle *sehandle;
+ 
+ 	union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
+ 	union selinux_callback cb = { .func_log = log_callback_mute };
+ 
+-	sehandle = selinux_restorecon_default_handle();
+-	selinux_restorecon_set_sehandle(sehandle);
+-
+ 	/* Mute all logs */
+ 	selinux_set_callback(SELINUX_CB_LOG, cb);
+ 
+-- 
+2.48.1
+

SPECS/libsemanage.spec

@@ -4,7 +4,7 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.9
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libsemanage-2.9.tar.gz
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
@@ -25,6 +25,7 @@ Patch0014: 0014-libsemanage-always-write-kernel-policy-when-check_ex.patch
 Patch0015: 0015-libsemanage-Preserve-file-context-and-ownership-in-p.patch
 Patch0016: 0016-libsemanage-Mute-error-messages-from-selinux_restore.patch
 Patch0017: 0017-libsemanage-Set-new-restorecon-handle-before-doing-r.patch
+Patch0018: 0018-libsemanage-improve-performance-of-semanage-store-re.patch
 
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -171,6 +172,9 @@ rm %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store~
 %{_libexecdir}/selinux/semanage_migrate_store
 
 %changelog
+* Sun Apr 06 2025 Vit Mojzis <vmojzis@redhat.com> - 2.9-12
+- improve performance of semanage store rebuild (RHEL-86057)
+
 * Fri Jan 24 2025 Petr Lautrbach <lautrbach@redhat.com> - 2.9-11
 - Set new restorecon handle before doing restorecon (RHEL-73348)
 - Mute error messages from selinux_restorecon