daemon/selinux-relabel: run setfiles with "-T 0", if supported

Since SELinux userspace v3.4 [1], setfiles command supports "-T nthreads" option, which allows parallel execution. "-T 0" allows using as many threads as there're available CPU cores. This might speed up the process of filesystem relabeling in case the appliance is being run with multiple vCPUs. The latter is true for at least v2v starting from d2b64ecc67 ("v2v: Set the number of vCPUs to same as host number of pCPUs."). For instance, when running virt-v2v-in-place on my 12-core Xeon host with SSD, with appliance being run with 8 vCPUs (the upper limit specified in d2b64ecc67), and on the ~150GiB disk VM (physical size on the host), I get the following results: ./in-place/virt-v2v-in-place -i libvirt fedora37-vm -v -x Without this patch: ... commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M libguestfs: trace: v2v: selinux_relabel = 0 libguestfs: trace: v2v: rm_f "/.autorelabel" guestfsd: => selinux_relabel (0x1d3) took 17.94 secs ... With this patch: ... commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -T 0 -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M libguestfs: trace: v2v: selinux_relabel = 0 libguestfs: trace: v2v: rm_f "/.autorelabel" guestfsd: => selinux_relabel (0x1d3) took 5.88 secs ... So in my scenario it's getting 3 times faster. [1] https://github.com/SELinuxProject/selinux/releases/tag/3.4 Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
2026-03-21 22:53:37 +00:00 · 2023-04-26 15:59:46 +03:00
parent 152d6e4bdf
commit d0d8e67384
1 changed files with 12 additions and 0 deletions
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -73,6 +73,7 @@ do_selinux_relabel (const char *specfile, const char *path,
 {
  static int flag_m = -1;
  static int flag_C = -1;
+  static int flag_T = -1;
  const char *argv[MAX_ARGS];
  CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
    *s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
@@ -131,6 +132,17 @@ do_selinux_relabel (const char *specfile, const char *path,
  if (setfiles_has_option (&flag_C, 'C'))
    ADD_ARG (argv, i, "-C");

+  /* If the appliance is being run with multiple vCPUs, running setfiles
+   * in multithreading mode might speeds up the process.  Option "-T" was
+   * introduced in SELinux userspace v3.4, and we need to check whether it's
+   * supported.  Passing "-T 0" creates as many threads as there're available
+   * vCPU cores.
+   * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+   */
+  if (setfiles_has_option (&flag_T, 'T')) {
+    ADD_ARG (argv, i, "-T"); ADD_ARG (argv, i, "0");
+  }
+
  /* Relabelling in a chroot. */
  if (STRNEQ (sysroot, "/")) {
    ADD_ARG (argv, i, "-r");