On Thu, 2008-07-24 at 19:00 +0300, Vesa-Matti J Kari wrote: > Hello, > > On Thu, 24 Jul 2008, James Morris wrote: > > > I'm not applying these variable renaming patches, as they peturb the code > > for no established benefit. > > That's all right. > > > I suggest reading the following carefully on how to submit patches: > > http://www.zipworld.com.au/~akpm/linux/patches/stuff/tpp.txt > > Thanks a lot. I try to be more careful. I suppose I have to resend one > patch, as I forgot to CC the kernel list, and the patch was not really > conforming to the rules specified above, either. > > > It's also generally best to simply use git to create patches (e.g. via > > git-format-patch). > > OK, I have to learn how to use git. > > > Something that would be particularly useful at this stage would be to see > > if you can reproduce a long delay in booting the current git tree possibly > > related to SELinux policy loading: > > > > [ 6.904650] EXT3-fs: mounted filesystem with ordered data mode. > > [ 7.076411] type=1404 audit(1216904882.076:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 > > [ 59.445985] SELinux: 8192 avtab hash slots, 1815416 rules. > > [ 60.812559] SELinux: 8192 avtab hash slots, 1979772 rules. > > It boots quite quickly on my Fedora 9, but the boot log shows > significantly less rules than yours. If you really have that much rules, I > guess your hash chains will have to be much longer too... > > The 171021 vs 1979772 is strange, ratio being approx. 1:11. > > Here is what I have: > > EXT3-fs: mounted filesystem with ordered data mode. > type=1404 audit(1216911601.748:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 > SELinux: 8192 avtab hash slots, 171021 rules. > SELinux: 8192 avtab hash slots, 171021 rules. Yes, that looks more reasonable than James' output. James - semodule -l output? rpm -V selinux-policy-targeted output? If you move aside the policy.N file and run semodule -B, do you end up with the same size policy or one that is more reasonable? Also, libsepol version is of interest here. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
