Re: RSBAC performance in Linux 2.4.10


From: Amon Ott <ao@rsbac.org>
Subject: Re: RSBAC performance in Linux 2.4.10
Date: Thu, 17 Jan 2002 12:21:22 +0100

Next Article (by Author): Re: mount troubles Amon Ott
Previous Article (by Author): Re: RSBAC performance in Linux 2.4.10 Amon Ott
Top of Thread: RSBAC performance in Linux 2.4.10 Pontus Lidman
Articles sorted by: [Date] [Author] [Subject]


On Wednesday, 16. January 2002 20:18, Pontus Lidman wrote:
> Here's my /proc/rsbac-info/stats, before and after the test, in case
> it gives you some useful information:
>
> --- stats_1     Tue Jan 15 18:24:12 2002
> +++ stats_2     Tue Jan 15 19:59:33 2002
> @@ -4,27 +4,27 @@
>  Compiled Modules: MAC RC AUTH ACL
>  All modules active (no switching)
>
> -Device 08:01 has 303 fd-items and 1 dirty lists
> +Device 08:01 has 305 fd-items and 1 dirty lists
>  Device 00:02 has 0 fd-items and 0 dirty lists
>  Device 08:05 has 0 fd-items and 0 dirty lists
>  Device 08:06 has 28389 fd-items and 0 dirty lists

Here is the big problem. How did you come to 28389 fd-items on this device? 
Guess: MAC is turned on, and smart inherit off.

Please try a rsbac_check 1 1 before next timing - it should cut down your fd 
items and thus speed up the system significantly. If not, tell me more about 
your .config and your setup.

>  Device 08:07 has 3757 fd-items and 0 dirty lists
>  Device 03:01 has 0 fd-items and 0 dirty lists
>  Device 03:05 has 0 fd-items and 0 dirty lists
> -Device 03:04 has 1227 fd-items and 0 dirty lists
> +Device 03:04 has 1220 fd-items and 0 dirty lists
>  Device 08:17 has 1027 fd-items and 0 dirty lists
>  Device 00:06 has 0 fd-items and 0 dirty lists
>  Device 00:07 has 0 fd-items and 0 dirty lists
>  Device 22:00 has 0 fd-items and 0 dirty lists
>  Device 00:08 has 0 fd-items and 0 dirty lists
> -Sum of 13 Devices with 34703 fd-items
> +Sum of 13 Devices with 34698 fd-items
>  0 dev-items
>  23 ipc-items
>  4 user-items
>  41 process-items
> -Total of 34771 registered rsbac-items, 1 lists dirty
> +Total of 34766 registered rsbac-items, 1 lists dirty

Altogether far too many items, resulting in huge lists, which are traversed 
for every single request:

>  adf_request calls:
> -file: 22415, dir: 47910, fifo: 3348, symlink: 2710, dev: 1920, ipc: 691,
> scd: 3 5, user: 0, process: 1766
> +file: 344403, dir: 1186637, fifo: 9630, symlink: 19112, dev: 7991, ipc:
> 1065, s cd: 57, user: 0, process: 2932
>  adf_set_attr calls:
> -file: 11010, dir: 663, fifo: 2989, symlink: 0, dev: 1908, ipc: 690, scd:
> 0, use r: 0, process: 880
> +file: 17208, dir: 98355, fifo: 5578, symlink: 0, dev: 7979, ipc: 1064,
> scd: 0, user: 0, process: 1400

Amon.
--
http://www.rsbac.org
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Re: mount troubles Amon Ott
Previous Article (by Author): Re: RSBAC performance in Linux 2.4.10 Amon Ott
Top of Thread: RSBAC performance in Linux 2.4.10 Pontus Lidman
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.