On 09/12/2013 08:11 AM, Lennart Poettering wrote:
> On Thu, 12.09.13 07:53, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:
>
>> Basically looking at compressing the policy file to shrink SELinux
>> footprint in the minimal install/cloud image.
>>
>> Currently the policy modules (pp files) are shipped with bzip compression
>> but the actual policy file.
>>
>> But the /etc/selinux/targeted/policy/policy.29 is not compressed.
>> systemd and load_policy use libselinux to read in the policy file and
>> load it into the kernel, so since systemd currently uses libxz, I figured
>> this would be the best solution to add libxz support to libselinux.
>>
>> ls -l /etc/selinux/targeted/policy/policy.29*
>> -rw-r--r--. 1 root root 2703245 Sep 11 13:56 /etc/selinux/targeted/policy/policy.29
>> -rw-r--r--. 1 root root  395072 Sep 11 13:56 /etc/selinux/targeted/policy/policy.29.xz
>>
>> Worth the effort?
>
> Well, you might buy smaller footprint with slower boot time, but I figure
> without trying it there's no way to know that for sure.
>
> (That said, our minimal image is a couple of 100mb still, iirc, so 2mb is
> not thaaaat much.)
>
>> Should I use a different algorithm?
>>
>> Advice on using libxz? Keep memory small?
>
> I think nowadays it's either gzip or xz, and everything else is not
> interesting, as the others either are slower or compress worse, and most
> importantly: libgz/liblzma are deps of the core OS anyway and included in
> the minimal image anyway and are also already mapped into memory, so come
> basically free.
>
> Lennart
>

Well I will need to support both compressed and uncompressed versions, so I
guess I could set up the tooling to create either based on config.
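A loader that accepts both the compressed and the uncompressed policy file, as the last reply describes, has to tell the two apart and bound what the decompressor may allocate. The sketch below is an added example, not code from this thread or from libselinux: it is written in Python rather than C, and the function names and both size limits are assumptions chosen for illustration.

```python
import lzma
import struct

XZ_MAGIC = b"\xfd7zXZ\x00"            # xz stream header
POLICYDB_MAGIC = 0xF97CFF8C            # first little-endian u32 of a binary policy
MAX_POLICY_BYTES = 64 * 1024 * 1024    # assumed cap on the decompressed image
DECODER_MEMLIMIT = 32 * 1024 * 1024    # assumed cap on xz decoder memory


def read_policy(blob, max_bytes=MAX_POLICY_BYTES, memlimit=DECODER_MEMLIMIT):
    """Return the raw policy image from a plain or xz-compressed blob."""
    if blob.startswith(XZ_MAGIC):
        dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ, memlimit=memlimit)
        try:
            # Ask for one byte more than allowed so oversize output is detectable.
            raw = dec.decompress(blob, max_length=max_bytes + 1)
        except lzma.LZMAError as exc:
            raise ValueError(f"invalid xz policy: {exc}") from exc
        if len(raw) > max_bytes:
            raise ValueError("decompressed policy exceeds size limit")
        if not dec.eof or dec.unused_data:
            raise ValueError("truncated xz stream or trailing data")
    else:
        raw = blob
    if len(raw) < 4 or struct.unpack_from("<I", raw)[0] != POLICYDB_MAGIC:
        raise ValueError("not an SELinux binary policy image")
    return raw


def constructed_policy(size=4096):
    """Constructed sample: the policy magic followed by zero padding."""
    return struct.pack("<I", POLICYDB_MAGIC) + bytes(size - 4)


if __name__ == "__main__":
    plain = constructed_policy()
    packed = lzma.compress(plain)          # FORMAT_XZ by default
    assert read_policy(plain) == read_policy(packed) == plain
    print(len(plain), "bytes raw,", len(packed), "bytes as xz")
```

Checking the policy magic after decompression means a file that merely has a valid xz wrapper is still rejected before anything would be handed to the kernel.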