Re: I would like to propose that we add compression to handle all policy files on disk.

[Joshua Brindle <jbrindle@tresys.com>]

Stephen Smalley wrote:
> On Thu, 2006-11-09 at 10:13 -0500, Stephen Smalley wrote:
>> On Thu, 2006-11-09 at 09:34 -0500, Joshua Brindle wrote:
>>>
>>> Additionally, on Fedora libz is in /usr/lib which means init won't be 
>>> able to use it to decompress the policy at boot time, I really don't 
>>> think we should be pulling a static libz into libselinux and libsepol.
>> Sounds like dropping base.linked and making previous optional would
>> address the problem more effectively.  Also, do we need to keep
>> policy.kern after successful installation of policy.N?  If not, we can
>> have libsemanage unlink it automatically after installation.
> 
> Same question for any other file regenerated by every commit, although
> we may not get much of a savings from the others.
> file_contexts.template, file_contexts, and netfilter_contexts are the
> most obvious ones.
> 

We obviously didn't optimize this for space before, it was nice having 
all the files around for development and debugging purposes, and we 
might have been able to do some speed optimizations later by keeping 
caches of everything around but that isn't much of a concern now (I 
haven't had speed issues with semodule since optionals in base take 2)


deleting everything except base.pp, commit_num and modules gave a couple 
more meg:

[root@poisonivy targeted]# du -sh modules/
9.1M    modules/

Note, this is with a huge base.pp (8.1 meg), I would expect embedded 
systems to have a very cut down SELinux policy (for a number of reasons 
other than policy storage size). So this number should go down 
significantly on a true embedded configuration.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.