Sounds like a reasonable compromise to me. On 07/25/2014 03:55 PM, Stephen Smalley wrote: > Effectively it would be another copy of the kernel policy file, just one > that is generated before merging local customizations (booleans, users, > ports, nodes, interface), so that we can take that kernel policy, read > it into a policydb, and mutate it rather than having to re-link the > modules to generate another one. Would allow us to avoid module > re-linking on all non-module semanage changes IIUC. Could be > compressed; just means you have to pay the cost of uncompressing it > before using it in libsemanage. > > On 07/25/2014 03:49 PM, Daniel J Walsh wrote: >> How large is it? Does it matter if it is compressed? >> >> On 07/25/2014 03:45 PM, Joshua Brindle wrote: >>> Stephen Smalley wrote: >>>> Motivated by: >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1098446 >>>> >>>> I believe this is always safe for booleans because we only set their >>>> value; we are never adding new ones via semanage, unlike for example >>>> users, ports, nodes, and interfaces. For the rest, I was wondering why >>>> we don't save the linked file and just reuse it on those changes rather >>>> than re-linking each time - that seems like it would be straightforward >>> We originally kept the linked copy around and had intended to do what >>> you are saying above but removed it when the minimal Red Hat guys >>> complained about the size of it. >>> >>>> to do in libsemanage and make those operations significantly faster and >>>> less memory intensive. >> _______________________________________________ >> Selinux mailing list >> Selinux@xxxxxxxxxxxxx >> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. >> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. >> >> > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
