On Thu, Apr 30, 2020 at 10:25 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Tue, Apr 28, 2020 at 11:29 AM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > On Tue, Apr 28, 2020 at 4:49 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > > > On Mon, Apr 27, 2020 at 9:39 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > On Tue, Mar 31, 2020 at 4:30 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > > > > > > > On Sat, Mar 28, 2020 at 8:46 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > > > > > > > > > Implement a new, more space-efficient form of storing filename > > > > > > transitions in the binary policy. The internal structures have already > > > > > > been converted to this new representation; this patch just implements > > > > > > reading/writing an equivalent representation from/to the binary policy. > > > > > > > > > > > > This new format reduces the size of Fedora policy from 7.6 MB to only > > > > > > 3.3 MB (with policy optimization enabled in both cases). With the > > > > > > unconfined module disabled, the size is reduced from 3.3 MB to 2.4 MB. > > > > > > > > > > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > > > > > > > > > Acked-by: James Carter <jwcart2@xxxxxxxxx> > > > > > > > > > > > > > Sorry, it has been a while. > > > > > > No problem. I would've merged it myself, I just wasn't sure if we > > > shouldn't try to do something about the setools issue somehow... But I > > > really don't feel like touching that code, so if the consensus is that > > > this is worth the breakage then I'm fine with it :) > > > > > > > I thought the consensus was to apply this now, but it would be nice to > > not break setools, so I am going to hold off merging for day or two > > and take a look at how much work it would be to export what setools > > needs. > > There was an earlier discussion about whether we ought to make another > selinux userspace release soon. > If so, we should defer applying this change until after that release > to avoid breaking setools with no fix > in sight for it. I agree. That discussion was what got me really thinking about what to do about setools. Jim
