Debian Bug report logs - #495786
postinst uses much RAM

version graph

Package: selinux-policy-default; Maintainer for selinux-policy-default is Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>; Source for selinux-policy-default is src:refpolicy.

Reported by: Kevin Price <kp@kevin-price.de>

Date: Wed, 20 Aug 2008 12:24:04 UTC

Severity: important

Tags: lenny

Found in versions refpolicy/2:0.0.20080702-4, refpolicy/2:0.0.20080702-10

Done: Kevin Price <kp@kevin-price.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. Full text and rfc822 format available.

Acknowledgement sent to Kevin Price <kp@kevin-price.de>:
New Bug report received and forwarded. Copy sent to Russell Coker <russell@coker.com.au>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kevin Price <kp@kevin-price.de>
To: submit@bugs.debian.org
Subject: postinst uses much RAM
Date: Wed, 20 Aug 2008 14:23:23 +0200
[Message part 1 (text/plain, inline)]
Package: selinux-policy-default
Version: 2:0.0.20080702-4
Severity: minor
Tags: lenny

Dear maintainers!

When I use the daily lenny d-i snapshot from
http://people.debian.org/~joeyh/ on the Liksys NSLU2, (slug) the
installation of selinux-policy-default during the installation takes
extremely long. Without having timed it, I would say half an hour.

After the installation had completed, I purged and reinstalled the
package, from which I could tell that the postinst was what's taking so
long. Especially during the stage "Calculating dependencies between
modules" the process semodule_deps, and later selinux use up very much
RAM, forcing poor old slug into heavy swapping. Please note that the
slug has only 32MB RAM.

If possible, I think the memory consumption should be optimized. Thanks
for looking at this.

best regards
Kevin

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.25-2-ixp4xx
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules                1.0.1-2    Pluggable Authentication
ii  libselinux1                   2.0.65-2   SELinux shared libraries
ii  libsepol1                     2.0.30-2   Security Enhanced Linux
ii  policycoreutils               2.0.49-5   SELinux core policy
ii  python                        2.5.2-1    An interactive high-level

Versions of packages selinux-policy-default recommends:
pn  checkpolicy                   <none>     (no description available)
pn  setools                       <none>     (no description available)

Versions of packages selinux-policy-default suggests:
pn  logcheck                      <none>     (no description available)
pn  syslog-summary                <none>     (no description available)

-- no debconf information

-- 
Kevin Price
http://www.kevin-price.de/

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. Full text and rfc822 format available.

Message #10 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: Kevin Price <kp@kevin-price.de>, 495786@bugs.debian.org
Subject: Re: Bug#495786: postinst uses much RAM
Date: Sat, 23 Aug 2008 13:18:36 +0300
* Kevin Price <kp@kevin-price.de> [2008-08-20 14:23]:
> If possible, I think the memory consumption should be optimized. Thanks
> for looking at this.

Given that this package is installed by default on new installations,
I think memory usage should seriously be trimmed down before lenny is
released (if at all possible).

-- 
Martin Michlmayr
http://www.cyrius.com/




Severity set to `important' from `minor' Request was from Martin Michlmayr <tbm@cyrius.com> to control@bugs.debian.org. (Sat, 23 Aug 2008 10:21:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. Full text and rfc822 format available.

Message #17 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: Kevin Price <kp@kevin-price.de>, 495786@bugs.debian.org
Subject: Re: Bug#495786: postinst uses much RAM
Date: Sat, 30 Aug 2008 21:34:43 +0300
Russell,

Do you have any comment at all about this problem?  The NSLU2 (with 32
MB) is a very popular device, and the slow installation of
selinux-policy-default in lenny is a major regression to the etch
installation experience.

-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. Full text and rfc822 format available.

Message #22 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: Russell Coker <russell@coker.com.au>
Cc: Kevin Price <kp@kevin-price.de>, 495786@bugs.debian.org
Subject: Re: Bug#495786: postinst uses much RAM
Date: Mon, 8 Sep 2008 15:59:21 +0300
* Martin Michlmayr <tbm@cyrius.com> [2008-08-30 21:34]:
> Do you have any comment at all about this problem?  The NSLU2 (with
> 32 MB) is a very popular device, and the slow installation of
> selinux-policy-default in lenny is a major regression to the etch
> installation experience.

Russell, any comments?
-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. Full text and rfc822 format available.

Message #27 received at 495786@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: 495786@bugs.debian.org
Subject: what modules are installed?
Date: Sun, 14 Sep 2008 21:21:06 +1000
Please run "semodule -l" after the installation and give me a list of the 
modules.





Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. Full text and rfc822 format available.

Message #32 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: 495786@bugs.debian.org, Kevin Price <kp@kevin-price.de>
Cc: Gordon Farquharson <gordonfarquharson@gmail.com>
Subject: Re: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Mon, 15 Sep 2008 10:51:19 +0300
* Russell Coker <russell@coker.com.au> [2008-09-15 05:17]:
>  refpolicy (2:0.0.20080702-8) unstable; urgency=low
>  .
>    * Made the postinst faster on machines with small amounts of memory.  5%
>      improvement on AMD64 with 64M of RAM.  Not sure how much benefit it might
>      give for a NSLUG.

It would be great if someone could do an installation of Debian
unstable on their NSLU2 and time how long selinux-policy-default takes
to install now.
-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Mon, 22 Sep 2008 13:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Joseph Rawson <umeboshi3@gmail.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Mon, 22 Sep 2008 13:57:05 GMT) Full text and rfc822 format available.

Message #37 received at 495786@bugs.debian.org (full text, mbox):

From: Joseph Rawson <umeboshi3@gmail.com>
To: 495786@bugs.debian.org
Subject: selinux-policy-default: confirming ram usage for semodule_deps
Date: Mon, 22 Sep 2008 08:52:01 -0500
[Message part 1 (text/plain, inline)]
Subject: selinux-policy-default: confirming ram usage for semodule_deps
Followup-For: Bug #495786
Package: selinux-policy-default
Version: 2:0.0.20080702-10

*** Please type your report below this line ***
I have been noticing that I've been having problems installing
a system from a debian live system.  I found that this was only 
when I installed the standard task.  I then poked around to figure 
out what was going on, and I found that semodule_deps was using 
a lot of memory.  It uses enough memory to start the oom killer, 
and this disrupts the whole system.

After reading through the bug report, I noticed that a new 
package had been built.  I decided to make a machine in virtualbox 
to try it out.  I made the machine with 64M of memory and decided 
to not use any swap space.  I installed the system with the netinst
iso for LennyBeta2 (I can't use the newer ones yet, as they freeze 
in the VM when VT is enabled.  There's a new virtualbox package, so 
I'm going to install that pretty soon so I can use a more recent 
netinst image).  I installed just the base system with no tasks.  I 
then rebooted into the new machine and used aptitude to install the
standard packages.

	aptitude --without-recommends install ~prequired ~pimportant 
		~pstandard

In doing this, the oom killer was invoked, and proceeded to kill 
a couple of processes.  I was running top, and I watched as 
semodule_deps made it up to over 50M before processes started dying.

The information below is straight from the procedure I mentioned above.  
It is a base system from the LennyBeta2 netinst after running the 
aptitude command above, with the addition of an apt source that holds 
the new selinux-policy-default package.  If you need better info, just let 
me know.



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set 
LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules                1.0.1-4    Pluggable Authentication Modules 
f
ii  libselinux1                   2.0.65-5   SELinux shared libraries
ii  libsepol1                     2.0.30-2   Security Enhanced Linux policy 
lib
ii  policycoreutils               2.0.49-6   SELinux core policy utilities
ii  python                        2.5.2-2    An interactive high-level 
object-o

Versions of packages selinux-policy-default recommends:
pn  checkpolicy                   <none>     (no description available)
pn  setools                       <none>     (no description available)

Versions of packages selinux-policy-default suggests:
pn  logcheck                      <none>     (no description available)
pn  syslog-summary                <none>     (no description available)

-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = (unset),
	LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

-- 
Thanks:
Joseph Rawson
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Thu, 16 Oct 2008 20:12:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Thu, 16 Oct 2008 20:12:16 GMT) Full text and rfc822 format available.

Message #42 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: 495786@bugs.debian.org, Kevin Price <kp@kevin-price.de>
Cc: Gordon Farquharson <gordonfarquharson@gmail.com>
Subject: Re: Bug#495786: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Thu, 16 Oct 2008 22:11:28 +0200
* Martin Michlmayr <tbm@cyrius.com> [2008-09-15 10:51]:
> It would be great if someone could do an installation of Debian
> unstable on their NSLU2 and time how long selinux-policy-default takes
> to install now.

It seems that things have significantly improved:

Oct 16 19:29:08 in-target: Setting up selinux-policy-default (2:0.0.20080702-6) ...
Oct 16 19:29:15 in-target: Notice: Trying to link (but not load) a default policy.
Oct 16 19:29:15 in-target: This process may fail -- you should check the results, and
Oct 16 19:29:15 in-target: you need to switch to this policy yourself anyway.
Oct 16 19:29:15 in-target:
Oct 16 19:29:15 in-target: Locating modules
Oct 16 19:29:15 in-target: Calculating dependencies between modules
Oct 16 19:41:30 in-target: Ordering modules based on dependencies
Oct 16 19:41:31 in-target: Selecting modules based on installed packages
Oct 16 19:41:55 in-target: Loaded base policy
Oct 16 19:45:04 in-target: Loaded modules  remotelogin telnet tzdata ftp finger procmail ssh gpg portmap dhcp tcpd netutils rpc
Oct 16 19:45:04 in-target: changed policy type to default as the "refpolicy" names are obsolete
Oct 16 19:45:05 in-target: Setting up sharutils (1:4.6.3-1) ...

So it takes about 15 minutes now.
-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Wed, 29 Oct 2008 06:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Wed, 29 Oct 2008 06:42:04 GMT) Full text and rfc822 format available.

Message #47 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: 495786@bugs.debian.org, Kevin Price <kp@kevin-price.de>
Cc: Gordon Farquharson <gordonfarquharson@gmail.com>
Subject: Re: Bug#495786: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Wed, 29 Oct 2008 07:39:09 +0100
* Martin Michlmayr <tbm@cyrius.com> [2008-10-16 22:11]:
> It seems that things have significantly improved:
...
> So it takes about 15 minutes now.

Kevin, do you have time to do an installation to confirm this?
-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Wed, 29 Oct 2008 07:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kevin Price <kp@kevin-price.de>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Wed, 29 Oct 2008 07:12:02 GMT) Full text and rfc822 format available.

Message #52 received at 495786@bugs.debian.org (full text, mbox):

From: Kevin Price <kp@kevin-price.de>
To: Martin Michlmayr <tbm@cyrius.com>
Cc: 495786@bugs.debian.org, Gordon Farquharson <gordonfarquharson@gmail.com>
Subject: Re: Bug#495786: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Wed, 29 Oct 2008 08:06:14 +0100
[Message part 1 (text/plain, inline)]
Martin Michlmayr schrieb:
> * Martin Michlmayr <tbm@cyrius.com> [2008-10-16 22:11]:
>> It seems that things have significantly improved:
> ...
>> So it takes about 15 minutes now.
> 
> Kevin, do you have time to do an installation to confirm this?

Yes. I'll go for it tonight. Should I use this one

http://www.cyrius.com/debian/nslu2/files/tmp/daily.img

or the original debian daily and add the microcode myself?

cheers
-- 
Kevin Price
http://www.kevin-price.de/

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Wed, 29 Oct 2008 07:51:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Wed, 29 Oct 2008 07:51:05 GMT) Full text and rfc822 format available.

Message #57 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: Kevin Price <kp@kevin-price.de>
Cc: 495786@bugs.debian.org, Gordon Farquharson <gordonfarquharson@gmail.com>
Subject: Re: Bug#495786: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Wed, 29 Oct 2008 08:48:03 +0100
* Kevin Price <kp@kevin-price.de> [2008-10-29 08:06]:
> Yes. I'll go for it tonight. Should I use this one
> http://www.cyrius.com/debian/nslu2/files/tmp/daily.img

I updated it yesterday so you can use it.
-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Thu, 30 Oct 2008 07:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kevin Price <kp@kevin-price.de>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Thu, 30 Oct 2008 07:09:02 GMT) Full text and rfc822 format available.

Message #62 received at 495786@bugs.debian.org (full text, mbox):

From: Kevin Price <kp@kevin-price.de>
To: Martin Michlmayr <tbm@cyrius.com>
Cc: 495786@bugs.debian.org, Gordon Farquharson <gordonfarquharson@gmail.com>, control@bugs.debian.org
Subject: Re: Bug#495786: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Thu, 30 Oct 2008 08:06:26 +0100
[Message part 1 (text/plain, inline)]
close 495786
thanks
Martin Michlmayr schrieb:
>> So it takes about 15 minutes now.
> 
> Kevin, do you have time to do an installation to confirm this?

Yes, I installed lenny from your daily snapshot. The package was not in
the default installation.

I apt-get installed it afte the installation, which took 8 minutes.

Both seem to be improvements to me. I think it's reaonable to close the
bug. Thanks anyone for making these improvements!

Martin, is there any further testing I can do at the moment?

-- 
Kevin Price
http://www.kevin-price.de/

[signature.asc (application/pgp-signature, attachment)]

Bug closed, send any further explanations to Kevin Price <kp@kevin-price.de> Request was from Kevin Price <kp@kevin-price.de> to control@bugs.debian.org. (Thu, 30 Oct 2008 07:09:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#495786; Package selinux-policy-default. (Sun, 02 Nov 2008 15:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Sun, 02 Nov 2008 15:51:06 GMT) Full text and rfc822 format available.

Message #69 received at 495786@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: Kevin Price <kp@kevin-price.de>
Cc: 495786@bugs.debian.org, Gordon Farquharson <gordonfarquharson@gmail.com>
Subject: Re: Bug#495786: Accepted refpolicy 2:0.0.20080702-8 (source all)
Date: Sun, 2 Nov 2008 16:47:47 +0100
* Kevin Price <kp@kevin-price.de> [2008-10-30 08:06]:
> Yes, I installed lenny from your daily snapshot. The package was not in
> the default installation.

FWIW, I just installed lenny on a mipsel machine and
selinux-policy-default was installed as part of standard.
-- 
Martin Michlmayr
http://www.cyrius.com/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 01 Dec 2008 07:32:10 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 14:20:45 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.