From owner-freebsd-security@FreeBSD.ORG Tue Apr 17 21:24:31 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 516561065677; Tue, 17 Apr 2012 21:24:31 +0000 (UTC) (envelope-from krichy@tvnetwork.hu) Received: from krichy.tvnetwork.hu (unknown [IPv6:2a01:be00:0:2::10]) by mx1.freebsd.org (Postfix) with ESMTP id C81C88FC16; Tue, 17 Apr 2012 21:24:30 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id 5FF2720402; Tue, 17 Apr 2012 23:24:29 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id 4F4B4203CC; Tue, 17 Apr 2012 23:24:29 +0200 (CEST) Date: Tue, 17 Apr 2012 23:24:29 +0200 (CEST) From: Richard Kojedzinszky To: =?ISO-8859-2?Q?Edward_Tomasz_Napiera=B3a?= In-Reply-To: <3BFCE7F6-8C67-4BEA-AF13-712A83430002@FreeBSD.org> Message-ID: References: <4F8AAEF7.3090800@zedat.fu-berlin.de> <4F8B21D2.4080008@zedat.fu-berlin.de> <951B1A8C-A216-420A-BA17-316B8D9C2B0E@gmail.com> <4F8B2CC4.5030601@zedat.fu-berlin.de> <28768C15-C694-4C09-8CD1-3F5412554B55@gmail.com> <3BFCE7F6-8C67-4BEA-AF13-712A83430002@FreeBSD.org> User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="1030603365-960894060-1334697869=:5815" Cc: Adrian Chadd , Garrett Cooper , freebsd-security@freebsd.org, Current FreeBSD , freebsd-performance@freebsd.org, "O. Hartmann" Subject: Re: ufs multilabel performance (fwd) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2012 21:24:31 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --1030603365-960894060-1334697869=:5815 Content-Type: TEXT/PLAIN; charset=iso-8859-2; format=flowed Content-Transfer-Encoding: 8BIT Without any benchmarks I would also think for the high io, in the xen dom0 I see high disk activity (eg 99% writes) when using mac labels. But of course I will do the tests, please give some instructions, how to compile the kernel, how the implement the benchmark. Thanks in advance, Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt. On Tue, 17 Apr 2012, Edward Tomasz Napierała wrote: > Date: Tue, 17 Apr 2012 22:57:09 +0200 > From: Edward Tomasz Napierała > To: Adrian Chadd > Cc: Richard Kojedzinszky , > Garrett Cooper , freebsd-security@freebsd.org, > freebsd-performance@freebsd.org, > Current FreeBSD , > O. Hartmann > Subject: Re: ufs multilabel performance (fwd) > > Wiadomość napisana przez Adrian Chadd w dniu 17 kwi 2012, o godz. 21:17: >> On 16 April 2012 23:31, Richard Kojedzinszky wrote: >>> >>> So now reactions here, creating files with multilabel is still slow. >>> >>> I would like to use multilabel access control on my /tmp, for example, my >>> web server places it's session files there in a subdirectory. Of course, I >>> would like to assign a label for that subdir, but with this slow file >>> creation, that is not the way to go. I may then use a different filesystem >>> for that. In this case, can I assign a root mac label for a mount point? >> >> Hi, >> >> This is a perfect job for hwpmc / dtrace. >> >> Would you be able to load up either of those and get some CPU usage >> statistics whilst you're running your benchmark? >> >> It's either that, or it's (massive) locking contention. > > Or disk I/O. MAC labels, just like ACLs, are stored in extended attributes, > and I remember something about writing those being synchronous. > > -- > If you cut off my head, what would I say? Me and my head, or me and my body? > --1030603365-960894060-1334697869=:5815--