I am thinking of adding compression to libselinux

Daniel J Walsh dwalsh at redhat.com
Thu Sep 12 11:53:30 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Basically looking at compressing the policy file to shrink SELinux footprint
in the minimal install/cloud image.

Currently the policy modules (pp files) are shipped with bzip compression but
the actually policy file.

But the /etc/selinux/targeted/policy/policy.29 is not compressed.  systemd and
load_policy use libselinux to read in the policy file and load it into the
kernel, so since systemd currently uses libxz, I figured this would be the
best solution to add libxz support to libselinux.

ls -l /etc/selinux/targeted/policy/policy.29*
- -rw-r--r--. 1 root root 2703245 Sep 11 13:56
/etc/selinux/targeted/policy/policy.29
- -rw-r--r--. 1 root root 395072 Sep 11 13:56
/etc/selinux/targeted/policy/policy.29.xz

Worth the effort?

Should I use a different algorithm?

Advise on using libxz?  Keep memory small?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIxqzoACgkQrlYvE4MpobMnkACgk+NeEeHuFSECZwoHF9B3UmTb
fCYAn2BfSemECcSPXIxCd7OCSkyIOXgO
=ZD3h
-----END PGP SIGNATURE-----


More information about the devel mailing list