From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <45536A1A.50101@redhat.com>
Date: Thu, 09 Nov 2006 12:49:14 -0500
From: Daniel J Walsh
MIME-Version: 1.0
To: Joshua Brindle
CC: Stephen Smalley, SE Linux
Subject: Re: I would like to propose that we add compression to handle allpolicy files on disk.
References: <6FE441CD9F0C0C479F2D88F959B01588514F17@exchange.columbia.tresys.com>
In-Reply-To: <6FE441CD9F0C0C479F2D88F959B01588514F17@exchange.columbia.tresys.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

Joshua Brindle wrote:
>> From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
>>
>> On Thu, 2006-11-09 at 10:13 -0500, Stephen Smalley wrote:
>>
>>> On Thu, 2006-11-09 at 09:34 -0500, Joshua Brindle wrote:
>>>
>>> Sounds like dropping base.linked and making previous optional would
>>> address the problem more effectively. Also, do we need to keep
>>> policy.kern after successful installation of policy.N? If not, we can
>>> have libsemanage unlink it automatically after installation.
>>>
>> Same question for any other file regenerated by every commit,
>> although we may not get much of a savings from the others.
>> file_contexts.template, file_contexts, and netfilter_contexts
>> are the most obvious ones.
>>
>
> Karl suggested that we can compress the policy packages but not the
> kernel policy. As long as this isn't a policy package format change
> (e.g., the policy packages in /usr/share/selinux are the same they've
> always been) and it is only libsemanage manipulating the files in the
> store I'm fine with that. The module store is a private resource of
> libsemanage so nothing else should be affected in any way by this.
>
> This will slow down some otherwise cheap operations such as semodule -l,
> rather than just opening the files and reading the policy name it'll
> have to decompress them first, I'm not sure what the performance cost
> will be. Perhaps this should be configurable as well.
>
> Matt Anderson also mentioned using libbz2 which is more space efficient
> and has a better security history, so embedded installations include
> that library?
>
> With bzip2 compression and nothing removed from the store I'm getting
> around 670k for the active store (so *2 if previous sticks around). With
> all the superfluous files removed the store is around 210k.
>
> What kind of size were we looking for again?
>
Whatever we can get. This discussion started with, the minimal install
of Fedora currently is approaching 500 Meg. A fairly large percentage of
this is SELinux related. I would like to make the percentage
insignificant, since most of the files sit around doing nothing. :^)