Thread

  1. Re: [v9.1] sepgsql - userspace access vector cache

    Kohei KaiGai <kaigai@kaigai.gr.jp> — 2011-07-02T09:59:08Z

    The attached patch re-defines pg_seclabel.provider as NameData, instead of Text,
    and revert changes of catcache.c about collations; to keep consistency with the
    security label support on shared objects.
    All the format changes are hidden by (Get|Set)SecurityLabel(), so no
    need to change
    on the patch to contrib/sepgsql.
    
    Thanks,
    
    2011/6/13 Kohei KaiGai <kaigai@kaigai.gr.jp>:
    > 2011/6/13 Robert Haas <robertmhaas@gmail.com>:
    >> On Mon, Jun 13, 2011 at 7:51 AM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:
    >>> For syscache, length of a typical security label in selinux is
    >>> less than 64 bytes. If we assume an entry consume 128bytes
    >>> including Oid pairs or pointers, its consumption is 128KBytes
    >>> per 1,000 of tables or others.
    >>> (Do we have a way to confirm syscache status?)
    >>
    >> I was thinking you might start a new session, SELECT pg_backendd_pid()
    >> to get the PID, use top/ps to get its memory usage; then do a bunch of
    >> stuff and see how much it's grown.  The difference between how much it
    >> grows with and without the patch is the amount of additional memory
    >> the patch consumes.
    >>
    > I checked memory consumption of the backend with / without
    > patches. Because sepgsql_restorecon() tries to reset security
    > label of all the schemas, relations, columns and procedures,
    > an execution of this function is suitable to emphasize differences
    > between two cases in maximum.
    >
    > The results shows us about 3MB of additional consumption
    > in VmRSS, even if it caches all the security label of the objects
    > being created in the default (3331 entries).
    >
    > * without patches before/after sepgsql_restorecon()
    >
    > VmPeak:   150812 kB -> 170864 kB
    > VmSize:   150804 kB -> 154712 kB
    > VmLck:         0 kB -> 0kB
    > VmHWM:      3800 kB -> 22248 kB
    > VmRSS:      3800 kB -> 10620 kB
    > VmData:     1940 kB ->  5820 kB
    > VmStk:       196 kB -> 196 kB
    > VmExe:      5324 kB -> 5324 kB
    > VmLib:      2468 kB -> 2468 kB
    > VmPTE:       108 kB -> 120 kB
    > VmSwap:        0 kB -> 0kB
    >
    > * with patches before/after sepgsql_restorecon()
    > VmPeak:   150816 kB -> 175092 kB
    > VmSize:   150808 kB -> 158804 kB
    > VmLck:         0 kB -> 0 kB
    > VmHWM:      3868 kB -> 25956 kB
    > VmRSS:      3868 kB -> 13736 kB
    > VmData:     1944 kB -> 9912 kB
    > VmStk:       192 kB -> 192 kB
    > VmExe:      5324 kB -> 5324 kB
    > VmLib:      2472 kB -> 2472 kB
    > VmPTE:       100 kB -> 124 kB
    > VmSwap:        0 kB -> 0 kB
    >
    > Thanks,
    > --
    > KaiGai Kohei <kaigai@kaigai.gr.jp>
    >
    
    
    
    -- 
    KaiGai Kohei <kaigai@kaigai.gr.jp>