On Mon, Sep 26, 2016 at 10:43 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 09/26/2016 10:22 AM, Janis Danisevskis wrote: >> The "-r" flag of sefcontext_compile now causes it to omit the >> precompiled regular expressions from the output. > > The code itself looks ok, aside from William's suggestion. Experimenting > with this a bit, I noticed the following difference in sizes among the > various options: > > 383165 file_contexts (text) > 1507941 file_contexts.bin (binary with pcre1 regexes) > 8304105 file_contexts.bin (binary with pcre2 regexes) > 540540 file_contexts.bin (binary omitting pcre2 regexes, via -r) > > The increase in file_contexts.bin size from pcre1 to pcre2 (unless using > -r) is quite substantial. Wondering how that affects the cost/benefit > tradeoff... I think a lot of it might be with how complex your regex's are. Android is pretty simple, which shows, as textual and binary load times are pretty close. I think judicious use of -r and knowing what works best for your arch/build/fc entries, at the moment, is likely required. <snip> _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
