From: Stephen Smalley <stephen.smalley@gmail.com>
To: Vesa-Matti J Kari <vmkari@cc.helsinki.fi>
Cc: James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Paul Moore <paul.moore@hp.com>,
selinux@tycho.nsa.gov
Subject: Re: [patch] SELinux: trivial, unify iterator variable naming, part 3
Date: Thu, 24 Jul 2008 21:20:37 -0400
Message-ID: <1216948850.5185.10.camel@sulphur>
In-Reply-To: <Pine.LNX.4.64L.0807241800060.14689@ruuvi.it.helsinki.fi>

On Thu, 2008-07-24 at 19:00 +0300, Vesa-Matti J Kari wrote:
> Hello,
>
> On Thu, 24 Jul 2008, James Morris wrote:
>
> > I'm not applying these variable renaming patches, as they perturb the code
> > for no established benefit.
>
> That's all right.
>
> > I suggest reading the following carefully on how to submit patches:
> > http://www.zipworld.com.au/~akpm/linux/patches/stuff/tpp.txt
>
> Thanks a lot. I try to be more careful. I suppose I have to resend one
> patch, as I forgot to CC the kernel list, and the patch was not really
> conforming to the rules specified above, either.
>
> > It's also generally best to simply use git to create patches (e.g. via
> > git-format-patch).
>
> OK, I have to learn how to use git.
>
> > Something that would be particularly useful at this stage would be to see
> > if you can reproduce a long delay in booting the current git tree possibly
> > related to SELinux policy loading:
> >
> > [ 6.904650] EXT3-fs: mounted filesystem with ordered data mode.
> > [ 7.076411] type=1404 audit(1216904882.076:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
> > [ 59.445985] SELinux: 8192 avtab hash slots, 1815416 rules.
> > [ 60.812559] SELinux: 8192 avtab hash slots, 1979772 rules.
>
> It boots quite quickly on my Fedora 9, but the boot log shows
> significantly fewer rules than yours. If you really have that many rules, I
> guess your hash chains will have to be much longer too...
>
> The 171021 vs 1979772 is strange, ratio being approx. 1:11.
>
> Here is what I have:
>
> EXT3-fs: mounted filesystem with ordered data mode.
> type=1404 audit(1216911601.748:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
> SELinux: 8192 avtab hash slots, 171021 rules.
> SELinux: 8192 avtab hash slots, 171021 rules.

Yes, that looks more reasonable than James' output.

James - semodule -l output? rpm -V selinux-policy-targeted output?

If you move aside the policy.N file and run semodule -B, do you end up
with the same size policy or one that is more reasonable?

Also, libsepol version is of interest here.
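
Added example (not part of the original message, and not code from the kernel or any SELinux tool): a Python parser for the two boot logs quoted above that reports, for each "avtab hash slots" line, the average hash chain length and the time elapsed since the previous timestamped line. The function and variable names are hypothetical; the sample lines are copied from the quoted logs.

```python
import re

# Boot-log lines copied from the two logs quoted in the message above.
SLOW_BOOT = """\
[ 6.904650] EXT3-fs: mounted filesystem with ordered data mode.
[ 7.076411] type=1404 audit(1216904882.076:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
[ 59.445985] SELinux: 8192 avtab hash slots, 1815416 rules.
[ 60.812559] SELinux: 8192 avtab hash slots, 1979772 rules.
"""
FAST_BOOT = """\
EXT3-fs: mounted filesystem with ordered data mode.
type=1404 audit(1216911601.748:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
SELinux: 8192 avtab hash slots, 171021 rules.
SELinux: 8192 avtab hash slots, 171021 rules.
"""

# Optional "[ seconds.micros]" printk timestamp, then the message text.
LINE = re.compile(r"^(?:\[\s*(?P<ts>\d+\.\d+)\]\s*)?(?P<msg>.*)$")
AVTAB = re.compile(r"SELinux:\s+(?P<slots>\d+) avtab hash slots, (?P<rules>\d+) rules\.")


def analyze(log):
    """Return one dict per avtab line found in a kernel boot log.

    avg_chain is rules / slots, the mean number of rules per hash slot.
    gap_s is the time since the previous timestamped line, or None when
    the log carries no timestamps (as in the second quoted log).
    """
    results, prev_ts = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        ts = float(m["ts"]) if m["ts"] else None
        hit = AVTAB.search(m["msg"])
        if hit:
            slots, rules = int(hit["slots"]), int(hit["rules"])
            gap = None
            if ts is not None and prev_ts is not None:
                gap = round(ts - prev_ts, 3)
            results.append({"slots": slots, "rules": rules,
                            "avg_chain": round(rules / slots, 1), "gap_s": gap})
        if ts is not None:
            prev_ts = ts
    return results


if __name__ == "__main__":
    for name, log in (("slow boot", SLOW_BOOT), ("fast boot", FAST_BOOT)):
        for entry in analyze(log):
            print(name, entry)
```
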