From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: RE: I would like to propose that we add compression to handle allpolicy files on disk.
From: Karl MacMillan
To: Joshua Brindle
Cc: Stephen Smalley, Daniel J Walsh, SE Linux
In-Reply-To: <6FE441CD9F0C0C479F2D88F959B01588514F17@exchange.columbia.tresys.com>
References: <6FE441CD9F0C0C479F2D88F959B01588514F17@exchange.columbia.tresys.com>
Content-Type: text/plain
Date: Thu, 09 Nov 2006 13:43:50 -0500
Message-Id: <1163097830.32083.52.camel@localhost.localdomain>
Mime-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On Thu, 2006-11-09 at 12:00 -0500, Joshua Brindle wrote:
> > From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
> >
> > On Thu, 2006-11-09 at 10:13 -0500, Stephen Smalley wrote:
> > > On Thu, 2006-11-09 at 09:34 -0500, Joshua Brindle wrote:
> >
> > > Sounds like dropping base.linked and making previous optional would
> > > address the problem more effectively. Also, do we need to keep
> > > policy.kern after successful installation of policy.N? If not, we can
> > > have libsemanage unlink it automatically after installation.
> >
> > Same question for any other file regenerated by every commit,
> > although we may not get much of a savings from the others.
> > file_contexts.template, file_contexts, and netfilter_contexts
> > are the most obvious ones.
> >
>
> Karl suggested that we can compress the policy packages but not the
> kernel policy. As long as this isn't a policy package format change
> (e.g., the policy packages in /usr/share/selinux are the same they've
> always been) and it is only libsemanage manipulating the files in the
> store I'm fine with that. The module store is a private resource of
> libsemanage so nothing else should be affected in any way by this.
>

Making semodule recognize bzipped files should be pretty simple as well
- why wouldn't we do that to save space in /usr/share/selinux?

> This will slow down some otherwise cheap operations such as semodule -l,
> rather than just opening the files and reading the policy name it'll
> have to decompress them first, I'm not sure what the performance cost
> will be. Perhaps this should be configurable as well.
>

If we make printing the version optional we should be able to do this
with only name mangling on the file names in the module directory. We
should probably make it possible just to get a list of module names
anyway to facilitate scripting.

Karl
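
The two ideas in the message above (recognizing bzipped packages, and listing module names from file names without decompressing anything) sketched as an added example; this is not libsemanage or semodule code and is not part of the original thread. The `.pp.bz2` suffix, the decompressed-size cap and all function names are assumptions made for illustration.

```python
import bz2
import os
import tempfile

SUFFIXES = (".pp.bz2", ".pp")         # assumed store naming; longest suffix first
MAX_PACKAGE_BYTES = 64 * 1024 * 1024  # assumed cap on decompressed size


def unpack(data, limit=MAX_PACKAGE_BYTES):
    """Return package bytes; decompress only when data starts with a bzip2
    header ("BZh" plus a block-size digit 1-9), never past `limit` bytes."""
    if data[:3] != b"BZh" or not (b"1" <= data[3:4] <= b"9"):
        return data
    dec = bz2.BZ2Decompressor()
    out = dec.decompress(data, max_length=limit)
    if not dec.eof:  # output hit the cap, or the stream is truncated
        raise ValueError(f"package exceeds {limit} bytes or is incomplete")
    return out


def list_module_names(store_dir):
    """List module names from file names alone; nothing is opened or decompressed."""
    names = []
    for entry in sorted(os.listdir(store_dir)):
        suffix = next((s for s in SUFFIXES if entry.endswith(s)), None)
        if suffix:
            names.append(entry[: -len(suffix)])
    return names


def demo():
    """Constructed store: one plain package, one bzip2-compressed package."""
    payload = b"constructed-policy-package-bytes" * 64
    files = {"apache.pp": payload, "mysql.pp.bz2": bz2.compress(payload)}
    with tempfile.TemporaryDirectory() as store:
        for name, blob in files.items():
            with open(os.path.join(store, name), "wb") as f:
                f.write(blob)
        names = list_module_names(store)
        loaded = []
        for name in sorted(files):
            with open(os.path.join(store, name), "rb") as f:
                loaded.append(unpack(f.read()))
    return names, loaded, payload


if __name__ == "__main__":
    print(demo()[0])
```

Sniffing the header rather than trusting the suffix lets plain and compressed packages coexist in one directory, and the size cap keeps a malformed or oversized compressed file from exhausting memory in the privileged process that reads the store.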