Daniel J Walsh pise:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/27/2012 10:34 AM, Sergio wrote:
>
>>>>
>>>> The policy configuration supports two options:
>>>>
>>>> 1. silently deny this: setsebool -P
>>> vbetool_mmap_zero_ignore on
>>>>
>>>> or
>>>>
>>>> 2. allow this: setsebool -P mmap_low_allowed on
>>>>
>>>>
>>>>
>>>
>>> A better solution is probably
>>>
>>> yum remove vbetool
>>>
>>> Since most people do not need it.
>>
>
> For the while I went with
>
> # setsebool -P mmap_low_allowed on
>
> And it's taking quite a while to complete the job. The command is using
> almost all of my old Athlon CPU for quite some time already.
>
> Is this normal?
>
> Note: last selinux-policy-targeted update got stuck and I eventually had to
> stop it and then complete it afterwards (with yum-complete-transaction).
> Just saying to give a perspective. Maybe I should stop the setsebool
> process (not doing anything now in case I get an answer)? -- selinux
> mailing list selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
setsebool -P and semanage commands are slow, they are doing a full recompile
of all policy.
OK, I understand this. But what's the reason to be
semanage boolean -l
much slower than
getsebool -a
No recompiling, just gathering the booleans default state and short summary
in addition to the second command.
--
--Zdenek Pytela, <pytela(a)phil.muni.cz>