summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2011-07-25 21:22:57 +0200
committerLennart Poettering <lennart@poettering.net>2011-07-25 21:22:57 +0200
commit871e580949b1417058da7f7e9fa0380d308ef708 (patch)
treecd8d308e7ab3c81c42259b3ed2a636334be9b367
parent41e4d6e9ace4f3b717af3c0419b69a2ac7935116 (diff)
selinux: log how much time it takes to load the SELinux policy and database
-rw-r--r--src/label.c9
-rw-r--r--src/log.c6
-rw-r--r--src/log.h1
-rw-r--r--src/main.c6
-rw-r--r--src/selinux-setup.c8
5 files changed, 29 insertions, 1 deletions
diff --git a/src/label.c b/src/label.c
index 43f6e89fa5..5157b790d2 100644
--- a/src/label.c
+++ b/src/label.c
@@ -47,6 +47,7 @@ int label_init(void) {
int r = 0;
#ifdef HAVE_SELINUX
+ usec_t n;
if (!use_selinux())
return 0;
@@ -54,12 +55,20 @@ int label_init(void) {
if (label_hnd)
return 0;
+ n = now(CLOCK_MONOTONIC);
label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
if (!label_hnd) {
log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
"Failed to initialize SELinux context: %m");
r = security_getenforce() == 1 ? -errno : 0;
+ } else {
+ char buf[FORMAT_TIMESPAN_MAX];
+
+ n = now(CLOCK_MONOTONIC) - n;
+ log_info("Successfully loaded SELinux database in %s.",
+ format_timespan(buf, sizeof(buf), n));
}
+
#endif
return r;
diff --git a/src/log.c b/src/log.c
index 3776f0d9d8..b8ce122f3d 100644
--- a/src/log.c
+++ b/src/log.c
@@ -231,6 +231,12 @@ void log_set_target(LogTarget target) {
log_target = target;
}
+void log_close(void) {
+ log_close_console();
+ log_close_kmsg();
+ log_close_syslog();
+}
+
void log_set_max_level(int level) {
assert((level & LOG_PRIMASK) == level);
diff --git a/src/log.h b/src/log.h
index 303b0d66a3..c402afb8ea 100644
--- a/src/log.h
+++ b/src/log.h
@@ -56,6 +56,7 @@ LogTarget log_get_target(void);
int log_get_max_level(void);
int log_open(void);
+void log_close(void);
void log_close_syslog(void);
void log_close_kmsg(void);
diff --git a/src/main.c b/src/main.c
index 0a99e5a916..b181447ca3 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1046,6 +1046,7 @@ int main(int argc, char *argv[]) {
if (getpid() == 1) {
arg_running_as = MANAGER_SYSTEM;
log_set_target(detect_container(NULL) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_SYSLOG_OR_KMSG);
+ log_open();
/* This might actually not return, but cause a
* reexecution */
@@ -1064,9 +1065,11 @@ int main(int argc, char *argv[]) {
else
log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
}
+
} else {
arg_running_as = MANAGER_USER;
log_set_target(LOG_TARGET_AUTO);
+ log_open();
}
if (set_default_unit(SPECIAL_DEFAULT_TARGET) < 0)
@@ -1122,6 +1125,9 @@ int main(int argc, char *argv[]) {
assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
+ /* Close logging fds, in order not to confuse fdset below */
+ log_close();
+
/* Remember open file descriptors for later deserialization */
if (serialization) {
if ((r = fdset_new_fill(&fds)) < 0) {
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index 9ff27dcd77..f400f416da 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -37,6 +37,7 @@
int selinux_setup(char *const argv[]) {
#ifdef HAVE_SELINUX
int enforce = 0;
+ usec_t n;
/* Already initialized? */
if (path_is_mount_point("/sys/fs/selinux") > 0 ||
@@ -48,8 +49,13 @@ int selinux_setup(char *const argv[]) {
* relabel things. */
touch("/dev/.systemd-relabel-run-dev");
+ n = now(CLOCK_MONOTONIC);
if (selinux_init_load_policy(&enforce) == 0) {
- log_debug("Successfully loaded SELinux policy, reexecuting.");
+ char buf[FORMAT_TIMESPAN_MAX];
+
+ n = now(CLOCK_MONOTONIC) - n;
+ log_info("Successfully loaded SELinux policy in %s, reexecuting.",
+ format_timespan(buf, sizeof(buf), n));
/* FIXME: Ideally we'd just call setcon() here instead
* of having to reexecute ourselves here. */