should GNU install call matchpathcon by default?

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

should GNU install call matchpathcon by default?

From:	Jim Meyering
Subject:	should GNU install call matchpathcon by default?
Date:	Wed, 07 Nov 2007 12:31:19 +0100

Hi,

This morning I noticed a flagrant difference in the speed of
"make install" for the just-released gettext-0.17.  It took 12(!)
times longer on a rawhide system than on a usually-slower debian
unstable system. (3min vs. 15s)

I tracked it down to the fact that on that rawhide system, I'm using
the latest _upstream_ install binary from (SELinux-enabled) coreutils.
The rawhide /usr/bin/install only ever calls matchpathcon (via
setdefaultfilecon) when its final chown or chmod fails.  Looks like
a fortuitous bug in the rawhide patch.  The version of install from
upstream coreutils calls it every time, since that's the only thing that
made sense to me when I redid coreutils' SELinux support.  Considering no
one can be relying on install's matchpathcon semantics, even in rawhide,
I think it should not be the default, upstream -- especially considering
the enormous performance hit.

Any objections or suggestions from the SELinux folks?

Do you think coreutils' install should use matchpathcon at all?  If so,
either it'll have to be associated with a new option, or it'll have
to be a lot more efficient.  Yes, we've discussed this before, and
you guys convinced me to provide the functionality for ease of use.
But for those not familiar with the issues, note that you can get the
same effect without the embedded matchpathcon call, simply by invoking
install with a context provided by the matchpathcon _program_:

  install -Z $(matchpathcon $dest_file) SRC_FILE $dest_file

Can someone can look at making matchpathcon more efficient?  I understand
that making it the default would be nice, and if it's feasible to minimize
the performance impact of that matchpathcon call, it'd be much better *not*
to add a new option.

Unless I find a magic bullet, I'll disable install's use of
matchpathcon for the upcoming test release.

Jim

In case you're interested in trying a recent snapshot,

  http://meyering.net/cu/coreutils-6.9-ss.tar.gz
  http://meyering.net/cu/coreutils-6.9-ss.tar.gz.sig

[Prev in Thread]

Current Thread

[Next in Thread]

should GNU install call matchpathcon by default?, Jim Meyering <=
- Re: should GNU install call matchpathcon by default?, Jim Meyering, 2007/11/07
  - Re: should GNU install call matchpathcon by default?, Jim Meyering, 2007/11/12
- Re: should GNU install call matchpathcon by default?, Eamon Walsh, 2007/11/08
  - Re: should GNU install call matchpathcon by default?, Jim Meyering, 2007/11/09

Prev by Date: Re: "sort" command (feature suggestions)
Next by Date: date broken in coreutils-6.7 and new glibc-2.7
Previous by thread: re: "sort" command (feature suggestions)
Next by thread: Re: should GNU install call matchpathcon by default?
Index(es):
- Date
- Thread