SE Linux installer changes needed - was Re: /etc/ld.so.cache and FC4T3

Russell Coker russell at coker.com.au
Sun May 15 17:09:06 UTC 2005


On Monday 16 May 2005 01:06, Russell Coker <russell at coker.com.au> wrote:
> I've attached a little Perl script that will munge a targeted policy.  It
> replaces most type and domain definitions with typealias rules and reduces
> the policy binary size from 4176K to 60K.  That saves 4116K of kernel
> memory and almost 700K on the cramfs.  The saving of 4M of kernel memory
> will make a huge difference to the install on small machines.  Currently
> it's almost impossible to install a FC4 test version on a machine with 64M
> of RAM, this change will give the same result as adding another 4M of RAM
> to machines for the installer (particularly important for machines that run
> out of RAM before completing the partitioning process).

I've attached a new version; my first version had a bug that caused files 
created in the post install scripts of packages and the post install for 
kickstart to get the wrong type.  For reference, if the type on a directory is 
an alias it seems that new objects created under the directory get the base 
type in the security.selinux xattr, not the alias name.

Anyway, with this change the result is correct (verified by running setfiles -v 
on a fresh install - I found evidence of other bugs but no bugs caused by my 
code).  The policy.19 file will now be 444K in size; this saves 3732K of 
kernel memory, which is still worth doing.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tiny.pl
Type: application/x-perl
Size: 1177 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20050516/22c9aa79/attachment-0002.bin 

