smaller memory footprint for 'strict' policy - helping gentoo as well

[Luke Kenneth Casson Leighton <lkcl@lkcl.net>]

following on from me blithering on about gentoo, and tying
in valdis' questions about smaller "strict" memory footprints
[gods, i had no idea: i was going to recommend a strict selinux
policy for 128mb machines let alone 256!], what is the way forward?

valdis raised the question: does the new binary module system minimise
the amount of memory used?

does that _actually_ help out wrt complexity of the selinux policy
_source_ (probably not).

hm, to avoid confusion - the requirements:

* to minimise memory usage at runtime

* to keep the number of source code files and size of source code
  files to _absolute_ minimum (if done properly should cover 1st
  requirement as well).

* to still make it possible to have redhat-loved run-time "modules"
  including having their associated runtime booleans.

* to still understand what's going on :)

... would the concept of a macros/unused directory help out, here?
along with a list of the macros you removed (and the files
they're in), valdis - and why.  and chris, also?

... surely... there's some analysis done by the m4 macro
compiler that automatically removes "unwanted" / "unused"
macros?

could that be done as a separate pre-pass / analysis step,
making it unnecessary to consider a macros/unused directory?

any further thoughts, anyone?

l.

-- 
--
<a href="http://lkcl.net">http://lkcl.net</a>
--

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.