On Monday 16 May 2005 01:06, Russell Coker <russell@xxxxxxxxxxxx> wrote: > I've attached a little Perl script that will munge a targeted policy. It > replaces most type and domain definitions with typealias rules and reduces > the policy binary size from 4176K to 60K. That saves 4116K of kernel > memory and almost 700K on the cramfs. The saving of 4M of kernel memory > will make a huge difference to the install on small machines. Currently > it's almost impossible to install a FC4 test version on a machine with 64M > of RAM, this change will give the same result as adding another 4M of RAM > to machines for the installer (particularly important for machines that run > out of RAM before completing the partitioning process). I've attached a new version, my first version had a bug that caused files created in the post install scripts of packages and the post install for kickstart get the wrong type. For reference, if the type on a directory is an alias it seems that new objects created under the directory get the base type in the security.selinux xattr not the alias name. Anyway with this change the result is correct (verified by running setfiles -v on a fresh install - I found evidence of other bugs but no bugs caused by my code). The policy.19 file will now be 444K in size, this saves 3732K of kernel memory which is still worth doing. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Attachment:
tiny.pl
Description: Perl program
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
