On 07/25/2014 04:04 PM, Joshua Brindle wrote:
> Stephen Smalley wrote:
>> Effectively it would be another copy of the kernel policy file, just one
>> that is generated before merging local customizations (booleans, users,
>> ports, nodes, interface), so that we can take that kernel policy, read
>> it into a policydb, and mutate it rather than having to re-link the
>> modules to generate another one. Would allow us to avoid module
>> re-linking on all non-module semanage changes IIUC. Could be
>> compressed; just means you have to pay the cost of uncompressing it
>> before using it in libsemanage.
>>
>
> On my Fedora 20 system a linked policy is 32 meg, bzip2 linked policy is
> 768k.

I wasn't going to bother with saving the current linked policy, just a
copy of the kernel policy before merging local customizations. There is
no linked policy in cil (on #integration) so basing anything on it is
likely not a good idea, and by writing out the kernel policy before
merging, we end up with something that is smaller and more readily
usable on the next transaction.