Skip binary policy optimization on rebuild when the --no-optimize
command-line flag is given.
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
policycoreutils/semodule/semodule.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
index a76797f5..f490ca2e 100644
--- a/policycoreutils/semodule/semodule.c
+++ b/policycoreutils/semodule/semodule.c
@@ -46,6 +46,7 @@ static int verbose;
static int reload;
static int no_reload;
static int build;
+static int no_optimize;
static int disable_dontaudit;
static int preserve_tunables;
static int ignore_module_cache;
@@ -123,8 +124,9 @@ static void usage(char *progname)
printf("usage: %s [option]... MODE...\n", progname);
printf("Manage SELinux policy modules.\n");
printf("MODES:\n");
- printf(" -R, --reload reload policy\n");
- printf(" -B, --build build and reload policy\n");
+ printf(" -R,--reload reload policy\n");
+ printf(" -B,--build build and reload policy\n");
+ printf(" --no-optimize do not optimize built policy\n");
printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
printf(" -i,--install=MODULE_PKG install a new module\n");
printf(" -r,--remove=MODULE_NAME remove existing module at desired priority\n");
@@ -191,6 +193,7 @@ static void parse_command_line(int argc, char **argv)
{"reload", 0, NULL, 'R'},
{"noreload", 0, NULL, 'n'},
{"build", 0, NULL, 'B'},
+ {"no-optimize", 0, NULL, 'O'},
{"disable_dontaudit", 0, NULL, 'D'},
{"preserve_tunables", 0, NULL, 'P'},
{"ignore-module-cache", 0, NULL, 'C'},
@@ -268,6 +271,9 @@ static void parse_command_line(int argc, char **argv)
case 'B':
build = 1;
break;
+ case 'O':
+ no_optimize = 1;
+ break;
case 'D':
disable_dontaudit = 1;
break;
@@ -738,6 +744,8 @@ cleanup_disable:
semanage_set_reload(sh, 0);
if (build)
semanage_set_rebuild(sh, 1);
+ if (no_optimize)
+ semanage_set_optimize(sh, 0);
if (disable_dontaudit)
semanage_set_disable_dontaudit(sh, 1);
else if (build)
--
2.20.1
