From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <45534F6D.2090306@tresys.com>
Date: Thu, 09 Nov 2006 10:55:25 -0500
From: Joshua Brindle
MIME-Version: 1.0
To: Stephen Smalley
CC: Daniel J Walsh , SE Linux
Subject: Re: I would like to propose that we add compression to handle all policy files on disk.
References: <45533208.6050806@redhat.com> <45533C71.3080802@tresys.com> <1163085214.12241.300.camel@moss-spartans.epoch.ncsc.mil> <1163085786.12241.307.camel@moss-spartans.epoch.ncsc.mil>
In-Reply-To: <1163085786.12241.307.camel@moss-spartans.epoch.ncsc.mil>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

Stephen Smalley wrote:
> On Thu, 2006-11-09 at 10:13 -0500, Stephen Smalley wrote:
>> On Thu, 2006-11-09 at 09:34 -0500, Joshua Brindle wrote:
>>>
>>> Additionally, on Fedora libz is in /usr/lib which means init won't be
>>> able to use it to decompress the policy at boot time, I really don't
>>> think we should be pulling a static libz into libselinux and libsepol.
>> Sounds like dropping base.linked and making previous optional would
>> address the problem more effectively. Also, do we need to keep
>> policy.kern after successful installation of policy.N? If not, we can
>> have libsemanage unlink it automatically after installation.
>
> Same question for any other file regenerated by every commit, although
> we may not get much of a savings from the others.
> file_contexts.template, file_contexts, and netfilter_contexts are the
> most obvious ones.
>

We obviously didn't optimize this for space before, it was nice having
all the files around for development and debugging purposes, and we
might have been able to do some speed optimizations later by keeping
caches of everything around but that isn't much of a concern now (I
haven't had speed issues with semodule since optionals in base take 2).

Deleting everything except base.pp, commit_num and modules gave a couple
more meg:

[root@poisonivy targeted]# du -sh modules/
9.1M    modules/

Note, this is with a huge base.pp (8.1 meg), I would expect embedded
systems to have a very cut down SELinux policy (for a number of reasons
other than policy storage size). So this number should go down
significantly on a true embedded configuration.