* [PATCH] python/sepolicy: Cache conditional rule queries
@ 2023-01-24 20:26 Vit Mojzis
2023-01-30 17:58 ` [PATCH v2] " Vit Mojzis
0 siblings, 1 reply; 4+ messages in thread
From: Vit Mojzis @ 2023-01-24 20:26 UTC (permalink / raw)
To: selinux
Commit 7506771e4b630fe0ab853f96574e039055cb72eb
"add missing booleans to man pages" dramatically slowed down
"sepolicy manpage -a" by removing caching of setools rule query.
Re-add said caching and update the query to only return conditional
rules.
Before commit 7506771e:
#time sepolicy manpage -a
real 1m43.153s
# time sepolicy manpage -d httpd_t
real 0m4.493s
After commit 7506771e:
#time sepolicy manpage -a
real 1h56m43.153s
# time sepolicy manpage -d httpd_t
real 0m8.352s
After this commit:
#time sepolicy manpage -a
real 1m41.074s
# time sepolicy manpage -d httpd_t
real 0m7.358s
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
I'm really sorry about the regression.
python/sepolicy/sepolicy/__init__.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index e2d5c11a..e220ce14 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -125,6 +125,7 @@ all_attributes = None
booleans = None
booleans_dict = None
all_allow_rules = None
+all_bool_rules = None
all_transitions = None
@@ -1136,6 +1137,14 @@ def get_all_allow_rules():
all_allow_rules = search([ALLOW])
return all_allow_rules
+def get_all_bool_rules():
+ global all_bool_rules
+ if not all_bool_rules:
+ q = setools.TERuleQuery(_pol, boolean=".*", boolean_regex=True,
+ ruletype=[ALLOW, DONTAUDIT])
+ all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()]
+ return all_bool_rules
+
def get_all_transitions():
global all_transitions
if not all_transitions:
@@ -1146,7 +1155,7 @@ def get_bools(setype):
bools = []
domainbools = []
domainname, short_name = gen_short_name(setype)
- for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
+ for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())):
for b in i:
if not isinstance(b, tuple):
continue
--
2.37.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2] python/sepolicy: Cache conditional rule queries
2023-01-24 20:26 [PATCH] python/sepolicy: Cache conditional rule queries Vit Mojzis
@ 2023-01-30 17:58 ` Vit Mojzis
2023-02-01 15:20 ` James Carter
0 siblings, 1 reply; 4+ messages in thread
From: Vit Mojzis @ 2023-01-30 17:58 UTC (permalink / raw)
To: selinux
Commit 7506771e4b630fe0ab853f96574e039055cb72eb
"add missing booleans to man pages" dramatically slowed down
"sepolicy manpage -a" by removing caching of setools rule query.
Re-add said caching and update the query to only return conditional
rules.
Before commit 7506771e:
#time sepolicy manpage -a
real 1m43.153s
# time sepolicy manpage -d httpd_t
real 0m4.493s
After commit 7506771e:
#time sepolicy manpage -a
real 1h56m43.153s
# time sepolicy manpage -d httpd_t
real 0m8.352s
After this commit:
#time sepolicy manpage -a
real 1m41.074s
# time sepolicy manpage -d httpd_t
real 0m7.358s
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
* Remove "sepolicy." before TERuleQuery (left over from testing on older
version of userspace).
python/sepolicy/sepolicy/__init__.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index e2d5c11a..c177cdfc 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -125,6 +125,7 @@ all_attributes = None
booleans = None
booleans_dict = None
all_allow_rules = None
+all_bool_rules = None
all_transitions = None
@@ -1136,6 +1137,14 @@ def get_all_allow_rules():
all_allow_rules = search([ALLOW])
return all_allow_rules
+def get_all_bool_rules():
+ global all_bool_rules
+ if not all_bool_rules:
+ q = TERuleQuery(_pol, boolean=".*", boolean_regex=True,
+ ruletype=[ALLOW, DONTAUDIT])
+ all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()]
+ return all_bool_rules
+
def get_all_transitions():
global all_transitions
if not all_transitions:
@@ -1146,7 +1155,7 @@ def get_bools(setype):
bools = []
domainbools = []
domainname, short_name = gen_short_name(setype)
- for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
+ for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())):
for b in i:
if not isinstance(b, tuple):
continue
--
2.37.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] python/sepolicy: Cache conditional rule queries
2023-01-30 17:58 ` [PATCH v2] " Vit Mojzis
@ 2023-02-01 15:20 ` James Carter
2023-02-06 14:40 ` Petr Lautrbach
0 siblings, 1 reply; 4+ messages in thread
From: James Carter @ 2023-02-01 15:20 UTC (permalink / raw)
To: Vit Mojzis; +Cc: selinux
On Mon, Jan 30, 2023 at 1:01 PM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Commit 7506771e4b630fe0ab853f96574e039055cb72eb
> "add missing booleans to man pages" dramatically slowed down
> "sepolicy manpage -a" by removing caching of setools rule query.
> Re-add said caching and update the query to only return conditional
> rules.
>
> Before commit 7506771e:
> #time sepolicy manpage -a
> real 1m43.153s
> # time sepolicy manpage -d httpd_t
> real 0m4.493s
>
> After commit 7506771e:
> #time sepolicy manpage -a
> real 1h56m43.153s
> # time sepolicy manpage -d httpd_t
> real 0m8.352s
>
> After this commit:
> #time sepolicy manpage -a
> real 1m41.074s
> # time sepolicy manpage -d httpd_t
> real 0m7.358s
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> * Remove "sepolicy." before TERuleQuery (left over from testing on older
> version of userspace).
>
> python/sepolicy/sepolicy/__init__.py | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
> index e2d5c11a..c177cdfc 100644
> --- a/python/sepolicy/sepolicy/__init__.py
> +++ b/python/sepolicy/sepolicy/__init__.py
> @@ -125,6 +125,7 @@ all_attributes = None
> booleans = None
> booleans_dict = None
> all_allow_rules = None
> +all_bool_rules = None
> all_transitions = None
>
>
> @@ -1136,6 +1137,14 @@ def get_all_allow_rules():
> all_allow_rules = search([ALLOW])
> return all_allow_rules
>
> +def get_all_bool_rules():
> + global all_bool_rules
> + if not all_bool_rules:
> + q = TERuleQuery(_pol, boolean=".*", boolean_regex=True,
> + ruletype=[ALLOW, DONTAUDIT])
> + all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()]
> + return all_bool_rules
> +
> def get_all_transitions():
> global all_transitions
> if not all_transitions:
> @@ -1146,7 +1155,7 @@ def get_bools(setype):
> bools = []
> domainbools = []
> domainname, short_name = gen_short_name(setype)
> - for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
> + for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())):
> for b in i:
> if not isinstance(b, tuple):
> continue
> --
> 2.37.3
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] python/sepolicy: Cache conditional rule queries
2023-02-01 15:20 ` James Carter
@ 2023-02-06 14:40 ` Petr Lautrbach
0 siblings, 0 replies; 4+ messages in thread
From: Petr Lautrbach @ 2023-02-06 14:40 UTC (permalink / raw)
To: James Carter, Vit Mojzis, selinux
James Carter <jwcart2@gmail.com> writes:
> On Mon, Jan 30, 2023 at 1:01 PM Vit Mojzis <vmojzis@redhat.com> wrote:
>>
>> Commit 7506771e4b630fe0ab853f96574e039055cb72eb
>> "add missing booleans to man pages" dramatically slowed down
>> "sepolicy manpage -a" by removing caching of setools rule query.
>> Re-add said caching and update the query to only return conditional
>> rules.
>>
>> Before commit 7506771e:
>> #time sepolicy manpage -a
>> real 1m43.153s
>> # time sepolicy manpage -d httpd_t
>> real 0m4.493s
>>
>> After commit 7506771e:
>> #time sepolicy manpage -a
>> real 1h56m43.153s
>> # time sepolicy manpage -d httpd_t
>> real 0m8.352s
>>
>> After this commit:
>> #time sepolicy manpage -a
>> real 1m41.074s
>> # time sepolicy manpage -d httpd_t
>> real 0m7.358s
>>
>> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
This is merged now. Thanks!
>> ---
>> * Remove "sepolicy." before TERuleQuery (left over from testing on older
>> version of userspace).
>>
>> python/sepolicy/sepolicy/__init__.py | 11 ++++++++++-
>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
>> index e2d5c11a..c177cdfc 100644
>> --- a/python/sepolicy/sepolicy/__init__.py
>> +++ b/python/sepolicy/sepolicy/__init__.py
>> @@ -125,6 +125,7 @@ all_attributes = None
>> booleans = None
>> booleans_dict = None
>> all_allow_rules = None
>> +all_bool_rules = None
>> all_transitions = None
>>
>>
>> @@ -1136,6 +1137,14 @@ def get_all_allow_rules():
>> all_allow_rules = search([ALLOW])
>> return all_allow_rules
>>
>> +def get_all_bool_rules():
>> + global all_bool_rules
>> + if not all_bool_rules:
>> + q = TERuleQuery(_pol, boolean=".*", boolean_regex=True,
>> + ruletype=[ALLOW, DONTAUDIT])
>> + all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()]
>> + return all_bool_rules
>> +
>> def get_all_transitions():
>> global all_transitions
>> if not all_transitions:
>> @@ -1146,7 +1155,7 @@ def get_bools(setype):
>> bools = []
>> domainbools = []
>> domainname, short_name = gen_short_name(setype)
>> - for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
>> + for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())):
>> for b in i:
>> if not isinstance(b, tuple):
>> continue
>> --
>> 2.37.3
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-02-06 14:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-24 20:26 [PATCH] python/sepolicy: Cache conditional rule queries Vit Mojzis
2023-01-30 17:58 ` [PATCH v2] " Vit Mojzis
2023-02-01 15:20 ` James Carter
2023-02-06 14:40 ` Petr Lautrbach
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.