I am thinking of adding compression to libselinux
kaperang07 at gmail.com
kaperang07 at gmail.com
Thu Sep 12 12:01:41 UTC 2013
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Basically looking at compressing the policy file to shrink SELinux footprint
> in the minimal install/cloud image.
>
> Currently the policy modules (pp files) are shipped with bzip compression but
> the actually policy file.
>
> But the /etc/selinux/targeted/policy/policy.29 is not compressed. systemd and
> load_policy use libselinux to read in the policy file and load it into the
> kernel, so since systemd currently uses libxz, I figured this would be the
> best solution to add libxz support to libselinux.
>
> ls -l /etc/selinux/targeted/policy/policy.29*
> - -rw-r--r--. 1 root root 2703245 Sep 11 13:56
> /etc/selinux/targeted/policy/policy.29
> - -rw-r--r--. 1 root root 395072 Sep 11 13:56
> /etc/selinux/targeted/policy/policy.29.xz
>
> Worth the effort?
>
> Should I use a different algorithm?
>
> Advise on using libxz? Keep memory small?
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlIxqzoACgkQrlYvE4MpobMnkACgk+NeEeHuFSECZwoHF9B3UmTb
> fCYAn2BfSemECcSPXIxCd7OCSkyIOXgO
> =ZD3h
> -----END PGP SIGNATURE-----
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
If the loss of time when loading selinux-policy (not a one policy module, but all of them) will not be large, it is worth it :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130912/7e38f33f/attachment.html>
More information about the devel
mailing list