libsemanage/SOURCES/0018-libsemanage-improve-performance-of-semanage-store-re.patch


From e2f78cfc2917dfbddf2bdda6ba2fcc8c645e6f65 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Tue, 25 Feb 2025 08:55:23 +0100
Subject: [PATCH] libsemanage: improve performance of semanage store rebuild
Commit 9d107ab77ba4 ("libsemanage: Set new restorecon handle before doing restorecon
") added reopening of the selabel handle every time semanage_setfiles() is
called. It means that during `semodule -B`, `selabel_close()` and
`selabel_open()` could be called more than 1800x what could have a
significant performance impact.
It should be enough to reopen selabel handle just after semanage commit
when changes are applied.
Before 9d107ab77ba4:
semodule -B 5.84s user 0.52s system 96% cpu 6.585 total
After 9d107ab77ba4:
semodule -B 11.15s user 0.64s system 98% cpu 11.952 total
With this patch:
semodule -B 5.51s user 0.41s system 98% cpu 6.014 total
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: Jason Zaman <jason@perfinion.com>
---
libsemanage/src/semanage_store.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index 33b950ff..b24065e4 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -1724,6 +1724,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
struct stat buf;
+ struct selabel_handle *sehandle;
/* update the commit number */
if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
@@ -1830,6 +1831,8 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
cleanup:
semanage_release_active_lock(sh);
+ sehandle = selinux_restorecon_default_handle();
+ selinux_restorecon_set_sehandle(sehandle);
return retval;
}
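Review bot: The result of `selinux_restorecon_default_handle()` at the `cleanup:` label is passed straight to `selinux_restorecon_set_sehandle()` without a NULL check, although the function is documented to return NULL with errno set on failure. Since `semanage_setfiles()` no longer refreshes the handle itself, a failed reopen here would go unnoticed and later relabeling in the store would presumably run with a stale or missing file-contexts handle. I would at least report it, e.g. `if (sehandle == NULL) ERR(sh, "Could not reopen the default restorecon handle.");` before the set call. The label also appears to be reached on error paths, so the reopen runs even when the commit did not apply; a short comment such as `/* reopen the labeling handle so later restorecon calls see the committed file_contexts */` would make the intent clear. The body of semanage_commit_sandbox() starts outside this hunk.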
@@ -3023,14 +3026,10 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
void semanage_setfiles(const char *path){
struct stat sb;
int fd;
- struct selabel_handle *sehandle;
union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
union selinux_callback cb = { .func_log = log_callback_mute };
- sehandle = selinux_restorecon_default_handle();
- selinux_restorecon_set_sehandle(sehandle);
-
/* Mute all logs */
selinux_set_callback(SELINUX_CB_LOG, cb);
--
2.48.1