Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and it only took 4 seconds. On Fri, Oct 14, 2016 at 9:07 AM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > Likely not, I see it compiling version 29 and I am on ubuntu which is > way out of date with this stuff... should I just use the checkpolicy > from my AOSP tree? > > Or should I just install with some particular set of options from > selinux master repo? > > On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> On 10/14/2016 09:02 AM, William Roberts wrote: >>> Looks like make MONOLITHIC=y policy to get the binary policy file.... >>> >>> Is it normal for checkpolicy to take 5 minutes? >> >> No, at least not with a modern checkpolicy. Are you using a current >> version? >> >> $ time make MONOLITHIC=y policy >> Compiling refpolicy policy.30 >> /usr/bin/checkpolicy -U deny policy.conf -o policy.30 >> /usr/bin/checkpolicy: loading policy configuration from policy.conf >> /usr/bin/checkpolicy: policy configuration loaded >> /usr/bin/checkpolicy: writing binary representation (version 30) to >> policy.30 >> >> real 0m3.341s >> user 0m3.280s >> sys 0m0.061s >> >>> >>>>From TOP: >>> 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 >>> checkpolicy >>> >>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >>>> On 10/13/2016 03:28 PM, Roberts, William C wrote: >>>>> I was looking back at my speedup patch for nodups specs… >>>>> >>>>> http://marc.info/?l=selinux&m=147249024230263&w=2 >>>>> >>>>> >>>>> >>>>> I was testing before with a large, generated file_context file. I was >>>>> wondering what would be a good source for >>>>> >>>>> A desktop version of a file_contexts (textual preference as I can run >>>>> sefcontext_compile on it) file as well as a binary >>>>> >>>>> policy file…. >>>>> >>>>> >>>>> >>>>> Should I just use refpolicy? >>>> >>>> That's probably fine, unless you happen to have Fedora installed and can >>>> just use its file_contexts file. >>>> >>>> $ cd refpolicy >>>> $ make MONOLITHIC=y conf >>>> $ make MONOLITHIC=y file_contexts >>>> $ wc -l file_contexts >>>> 4908 file_contexts >>>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >>>> 6075 /etc/selinux/targeted/contexts/files/file_contexts >>>> >>>> >>>> _______________________________________________ >>>> Selinux mailing list >>>> Selinux@xxxxxxxxxxxxx >>>> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. >>>> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. >>> >>> >>> >> > > > > -- > Respectfully, > > William C Roberts -- Respectfully, William C Roberts _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
