Effectively it would be another copy of the kernel policy file, just one that is generated before merging local customizations (booleans, users, ports, nodes, interface), so that we can take that kernel policy, read it into a policydb, and mutate it rather than having to re-link the modules to generate another one. Would allow us to avoid module re-linking on all non-module semanage changes IIUC. Could be compressed; just means you have to pay the cost of uncompressing it before using it in libsemanage. On 07/25/2014 03:49 PM, Daniel J Walsh wrote: > How large is it? Does it matter if it is compressed? > > On 07/25/2014 03:45 PM, Joshua Brindle wrote: >> Stephen Smalley wrote: >>> Motivated by: >>> https://bugzilla.redhat.com/show_bug.cgi?id=1098446 >>> >>> I believe this is always safe for booleans because we only set their >>> value; we are never adding new ones via semanage, unlike for example >>> users, ports, nodes, and interfaces. For the rest, I was wondering why >>> we don't save the linked file and just reuse it on those changes rather >>> than re-linking each time - that seems like it would be straightforward >> >> We originally kept the linked copy around and had intended to do what >> you are saying above but removed it when the minimal Red Hat guys >> complained about the size of it. >> >>> to do in libsemanage and make those operations significantly faster and >>> less memory intensive. >> > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
