Details
- Bug
- Status: Accepted
- Major
- Resolution: Unresolved
- PUP 2.7.25, PUP 3.6.2
- None
- Any system with SELinux enabled
- Night's Watch
- 47725
- 1
Description
During a puppet run, the read_mounts function in util/selinux is called for each file that it manages on the system.
As currently implemented, the system will read /proc/mounts for each file.
While initially being unwanted due to unnecessary file IO, certain systems that use namespacing, such as OpenShift, create potentially thousands of redundant mount entries in /proc/mounts (5500 on one system that I've seen).
This causes each puppet run to observably crawl to over 30 minutes when normally it runs in 30 seconds.
I've attached a patch that uses a caching mechanism to alleviate this issue.
However, I'm 90% certain that there is some global space where this can be done instead of using a global variable and I'm hoping that someone that knows this off the top of their head can update the code appropriately.
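
The caching idea described in this report, as an added example: it is not the attached patch and not Puppet's own code. The names `MountTable`, `fstype_for` and `invalidate!` are hypothetical, the mount lines are constructed, and the example assumes the mount table is used to find the filesystem type a managed path lives on. The cache is held in an object rather than a global variable and can be dropped explicitly, so a long-lived process does not keep answering from a stale table.

```ruby
# Added illustration; class and method names are hypothetical.
class MountTable
  attr_reader :reads

  # reader: callable returning /proc/mounts-format text (injected so the
  # example runs offline; the default reads the real file).
  def initialize(reader = -> { File.read('/proc/mounts') })
    @reader = reader
    @reads = 0
  end

  # Parsed { mountpoint => fstype } table; the source is read on first use only.
  def mounts
    @mounts ||= parse(@reader.call)
  end

  # Drop the cache (for example at the start of each run) so new mounts are seen.
  def invalidate!
    @mounts = nil
  end

  # Filesystem type of the closest mounted ancestor of an absolute path.
  def fstype_for(path)
    dir = File.expand_path(path)
    loop do
      return mounts[dir] if mounts.key?(dir)
      return nil if dir == '/'
      dir = File.dirname(dir)
    end
  end

  private
  def parse(text)
    @reads += 1
    text.each_line.with_object({}) do |line, table|
      _dev, mountpoint, fstype = line.split
      next if fstype.nil?
      # /proc/mounts writes space, tab, newline and backslash as octal (\040).
      mountpoint = mountpoint.gsub(/\\([0-7]{3})/) { $1.to_i(8).chr }
      table[mountpoint] = fstype # a later entry for the same point wins
    end
  end
end

# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS = <<~'EOS'
  /dev/sda1 / ext4 rw,seclabel 0 0
  tmpfs /tmp tmpfs rw,seclabel 0 0
  nfs01:/export /mnt/my\040share nfs rw 0 0
EOS
```

With thousands of mount entries, each per-file lookup costs a few hash probes up the directory chain instead of a full read and parse of the mount list.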