Re: [RFC] [PATCH] libsemanage: Skip policy module re-link when only setting booleans.

Stephen Smalley wrote:
Effectively it would be another copy of the kernel policy file, just one
that is generated before merging local customizations (booleans, users,
ports, nodes, interface), so that we can take that kernel policy, read
it into a policydb, and mutate it rather than having to re-link the
modules to generate another one.  Would allow us to avoid module
re-linking on all non-module semanage changes IIUC.  Could be
compressed; just means you have to pay the cost of uncompressing it
before using it in libsemanage.


On my Fedora 20 system a linked policy is 32 meg, bzip2 linked policy is 768k.

On 07/25/2014 03:49 PM, Daniel J Walsh wrote:
How large is it?  Does it matter if it is compressed?

On 07/25/2014 03:45 PM, Joshua Brindle wrote:
Stephen Smalley wrote:
Motivated by:
https://bugzilla.redhat.com/show_bug.cgi?id=1098446

I believe this is always safe for booleans because we only set their
value; we are never adding new ones via semanage, unlike for example
users, ports, nodes, and interfaces.  For the rest, I was wondering why
we don't save the linked file and just reuse it on those changes rather
than re-linking each time - that seems like it would be straightforward

We originally kept the linked copy around and had intended to do what
you are saying above but removed it when the minimal Red Hat guys
complained about the size of it.

to do in libsemanage and make those operations significantly faster and
less memory intensive.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.



