-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/02/2012 09:21 AM, Zdenek Pytela wrote:
Daniel J Walsh pise:
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> On 09/27/2012 10:34 AM, Sergio wrote:
>>
>>>>>
>>>>> The policy configuration supports two options:
>>>>>
>>>>> 1. silently deny this: setsebool -P
>>>> vbetool_mmap_zero_ignore on
>>>>>
>>>>> or
>>>>>
>>>>> 2. allow this: setsebool -P mmap_low_allowed on
>>>>>
>>>>>
>>>>>
>>>>
>>>> A better solution is probably
>>>>
>>>> yum remove vbetool
>>>>
>>>> Since most people do not need it.
>>>
>>
>> For the while I went with
>>
>> # setsebool -P mmap_low_allowed on
>>
>> And it's taking quite a while to complete the job. The command is
>> using almost all of my old Athlon CPU for quite some time already.
>>
>> Is this normal?
>>
>> Note: last selinux-policy-targeted update got stuck and I eventually
>> had to stop it and then complete it afterwards (with
>> yum-complete-transaction). Just saying to give a perspective. Maybe I
>> should stop the setsebool process (not doing anything now in case I get
>> an answer)? -- selinux mailing list selinux(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>
>
> setsebool -P and semanage commands are slow, they are doing a full
> recompile of all policy.
OK, I understand this. But what's the reason to be semanage boolean -l much
slower than getsebool -a No recompiling, just gathering the booleans
default state and short summary in addition to the second command.
Yes this is because semanage is doing a lot of initialization stuff that could
probably be avoided if we were a little smarter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://www.enigmail.net/
iEYEARECAAYFAlBrL3gACgkQrlYvE4MpobNwwwCbBjKPyd+SslomlyJJHj3xggJv
toYAnixNTm/kNynaC5fDi7QBGN8P5Qjt
=vErS
-----END PGP SIGNATURE-----