On 07/25/2014 04:12 PM, Stephen Smalley wrote:
> On 07/25/2014 04:04 PM, Joshua Brindle wrote:
>> Stephen Smalley wrote:
>>> Effectively it would be another copy of the kernel policy file, just one
>>> that is generated before merging local customizations (booleans, users,
>>> ports, nodes, interface), so that we can take that kernel policy, read
>>> it into a policydb, and mutate it rather than having to re-link the
>>> modules to generate another one. Would allow us to avoid module
>>> re-linking on all non-module semanage changes IIUC. Could be
>>> compressed; just means you have to pay the cost of uncompressing it
>>> before using it in libsemanage.
>>>
>>
>> On my Fedora 20 system a linked policy is 32 meg, bzip2 linked policy is
>> 768k.
>
> I wasn't going to bother with saving the current linked policy, just a
> copy of the kernel policy before merging local customizations. There is
> no linked policy in cil (on #integration) so basing anything on it is
> likely not a good idea, and by writing out the kernel policy before
> merging, we end up with something that is smaller and more readily
> usable on the next transaction.
>

This is correct. CIL does not generate a linked policy, so in order for this change to be compatible with the CIL integration we would have to store the kernel policy.

Also, this patch looks good to me.

- Steve