semanage slow (Should I ignore or report this avc denial?)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/27/2012 10:34 AM, Sergio wrote: > >>>> >>>> The policy configuration supports two options: >>>> >>>> 1. silently deny this: setsebool -P >>> vbetool_mmap_zero_ignore on >>>> >>>> or >>>> >>>> 2. allow this: setsebool -P mmap_low_allowed on >>>> >>>> >>>> >>> >>> A better solution is probably >>> >>> yum remove vbetool >>> >>> Since most people do not need it. >> > > For the while I went with > > # setsebool -P mmap_low_allowed on > > And it's taking quite a while to complete the job. The command is using > almost all of my old Athlon CPU for quite some time already. > > Is this normal? > > Note: last selinux-policy-targeted update got stuck and I eventually had to > stop it and then complete it afterwards (with yum-complete-transaction). > Just saying to give a perspective. Maybe I should stop the setsebool > process (not doing anything now in case I get an answer)? -- selinux > mailing list selinux(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux > > setsebool -P and semanage commands are slow, they are doing a full recompile of all policy.