On Thu, 12.09.13 07:53, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Basically looking at compressing the policy file to shrink SELinux footprint
> in the minimal install/cloud image.
>
> Currently the policy modules (pp files) are shipped with bzip compression but
> the actually policy file.
>
> But the /etc/selinux/targeted/policy/policy.29 is not compressed. systemd and
> load_policy use libselinux to read in the policy file and load it into the
> kernel, so since systemd currently uses libxz, I figured this would be the
> best solution to add libxz support to libselinux.
>
> ls -l /etc/selinux/targeted/policy/policy.29*
> - -rw-r--r--. 1 root root 2703245 Sep 11 13:56 /etc/selinux/targeted/policy/policy.29
> - -rw-r--r--. 1 root root 395072 Sep 11 13:56 /etc/selinux/targeted/policy/policy.29.xz
>
> Worth the effort?

Well, you might buy smaller footprint with slower boot time, but I figure
without trying it there's no way to know that for sure. (That said, our
minimal image is a couple of 100mb still, iirc, so 2mb is not thaaaat much.)

> Should I use a different algorithm?
>
> Advise on using libxz? Keep memory small?

I think nowadays it's either gzip or xz, and everything else is not
interesting, as the others either are slower or compress worse, and most
importantly: libgz/liblzma are deps of the core OS anyway and included in the
minimal image anyway and are also already mapped into memory, so come
basically free.

Lennart

--
Lennart Poettering - Red Hat, Inc.
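
Added example, not part of the thread or of libselinux: one way to measure the trade-off discussed above, on-disk size against decompression time at load, for gzip and xz. The sample input is constructed and is not a real SELinux policy; pass a policy file path as the first argument to measure real data, and treat Python timings as an approximation of what a C loader would see.

```python
import gzip
import lzma
import sys
import time

# The two codecs named in the thread; both ship in the Python standard library.
CODECS = {
    "gzip": (lambda d: gzip.compress(d, 9), gzip.decompress),
    "xz": (lambda d: lzma.compress(d, preset=6), lzma.decompress),
}

def sample_policy_like_blob(records=20000):
    """Constructed stand-in input: repetitive binary records, NOT a real policy."""
    out = bytearray()
    for i in range(records):
        out += b"allow" + (i % 251).to_bytes(2, "little") + (i % 97).to_bytes(2, "little")
        out += (i * 2654435761 % 2**32).to_bytes(4, "little")
    return bytes(out)

def compare(data, rounds=5):
    """Return {codec: {size, ratio, decompress_s}} for the given bytes."""
    results = {}
    for name, (compress, decompress) in CODECS.items():
        packed = compress(data)
        best = float("inf")
        for _ in range(rounds):
            start = time.perf_counter()
            restored = decompress(packed)
            best = min(best, time.perf_counter() - start)  # keep the fastest run
        if restored != data:
            raise ValueError(f"{name} round trip mismatch")
        results[name] = {"size": len(packed), "ratio": len(packed) / len(data),
                         "decompress_s": best}
    return results

def main(argv):
    if len(argv) > 1:  # e.g. a copy of the policy file from the thread
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = sample_policy_like_blob()
    print(f"input: {len(data)} bytes")
    for name, r in compare(data).items():
        print(f"{name:5s} {r['size']:>9d} bytes  ratio {r['ratio']:.3f}  "
              f"decompress {r['decompress_s'] * 1000:.2f} ms")

if __name__ == "__main__":
    main(sys.argv)
```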