Is it to be expected that checkfc would actually fail on refpolicy? $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts Error: "fs_type" is not defined in this policy. I could comment out the validation callback... but just wondering if this is expected. On Fri, Oct 14, 2016 at 9:08 AM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and > it only took 4 seconds. > > On Fri, Oct 14, 2016 at 9:07 AM, William Roberts > <bill.c.roberts@xxxxxxxxx> wrote: >> Likely not, I see it compiling version 29 and I am on ubuntu which is >> way out of date with this stuff... should I just use the checkpolicy >> from my AOSP tree? >> >> Or should I just install with some particular set of options from >> selinux master repo? >> >> On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >>> On 10/14/2016 09:02 AM, William Roberts wrote: >>>> Looks like make MONOLITHIC=y policy to get the binary policy file.... >>>> >>>> Is it normal for checkpolicy to take 5 minutes? >>> >>> No, at least not with a modern checkpolicy. Are you using a current >>> version? >>> >>> $ time make MONOLITHIC=y policy >>> Compiling refpolicy policy.30 >>> /usr/bin/checkpolicy -U deny policy.conf -o policy.30 >>> /usr/bin/checkpolicy: loading policy configuration from policy.conf >>> /usr/bin/checkpolicy: policy configuration loaded >>> /usr/bin/checkpolicy: writing binary representation (version 30) to >>> policy.30 >>> >>> real 0m3.341s >>> user 0m3.280s >>> sys 0m0.061s >>> >>>> >>>>>From TOP: >>>> 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 >>>> checkpolicy >>>> >>>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >>>>> On 10/13/2016 03:28 PM, Roberts, William C wrote: >>>>>> I was looking back at my speedup patch for nodups specs… >>>>>> >>>>>> http://marc.info/?l=selinux&m=147249024230263&w=2 >>>>>> >>>>>> >>>>>> >>>>>> I was testing before with a large, generated file_context file. I was >>>>>> wondering what would be a good source for >>>>>> >>>>>> A desktop version of a file_contexts (textual preference as I can run >>>>>> sefcontext_compile on it) file as well as a binary >>>>>> >>>>>> policy file…. >>>>>> >>>>>> >>>>>> >>>>>> Should I just use refpolicy? >>>>> >>>>> That's probably fine, unless you happen to have Fedora installed and can >>>>> just use its file_contexts file. >>>>> >>>>> $ cd refpolicy >>>>> $ make MONOLITHIC=y conf >>>>> $ make MONOLITHIC=y file_contexts >>>>> $ wc -l file_contexts >>>>> 4908 file_contexts >>>>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >>>>> 6075 /etc/selinux/targeted/contexts/files/file_contexts >>>>> >>>>> >>>>> _______________________________________________ >>>>> Selinux mailing list >>>>> Selinux@xxxxxxxxxxxxx >>>>> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. >>>>> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. >>>> >>>> >>>> >>> >> >> >> >> -- >> Respectfully, >> >> William C Roberts > > > > -- > Respectfully, > > William C Roberts -- Respectfully, William C Roberts _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
