Re: semanage slow (Should I ignore or report this avc denial?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2012 09:21 AM, Zdenek Pytela wrote:
> Daniel J Walsh pise:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 09/27/2012 10:34 AM, Sergio wrote:
>>> 
>>>>>> 
>>>>>> The policy configuration supports two options:
>>>>>> 
>>>>>> 1. silently deny this: setsebool -P
>>>>> vbetool_mmap_zero_ignore on
>>>>>> 
>>>>>> or
>>>>>> 
>>>>>> 2. allow this: setsebool -P mmap_low_allowed on
>>>>>> 
>>>>>> 
>>>>>> 
>>>>> 
>>>>> A better solution is probably
>>>>> 
>>>>> yum remove vbetool
>>>>> 
>>>>> Since most people do not need it.
>>>> 
>>> 
>>> For the while I went with
>>> 
>>> # setsebool -P mmap_low_allowed on
>>> 
>>> And it's taking quite a while to complete the job. The command is
>>> using almost all of my old Athlon CPU for quite some time already.
>>> 
>>> Is this normal?
>>> 
>>> Note: last selinux-policy-targeted update got stuck and I eventually
>>> had to stop it and then complete it afterwards (with
>>> yum-complete-transaction). Just saying to give a perspective. Maybe I
>>> should stop the setsebool process (not doing anything now in case I get
>>> an answer)? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> 
>>> 
>> 
>> 
>> setsebool -P and semanage commands are slow, they are doing a full
>> recompile of all policy.
> OK, I understand this. But what's the reason to be semanage boolean -l much
> slower than getsebool -a No recompiling, just gathering the booleans
> default state and short summary in addition to the second command.
> 
Yes this is because semanage is doing a lot of initialization stuff that could
probably be avoided if we were a little smarter.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBrL3gACgkQrlYvE4MpobNwwwCbBjKPyd+SslomlyJJHj3xggJv
toYAnixNTm/kNynaC5fDi7QBGN8P5Qjt
=vErS
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux