Re: I would like to propose that we add compression to handle allpolicy files on disk.

[Daniel J Walsh <dwalsh@redhat.com>]

Stephen Smalley wrote:
> On Thu, 2006-11-09 at 13:43 -0500, Karl MacMillan wrote:
>   
>> On Thu, 2006-11-09 at 12:00 -0500, Joshua Brindle wrote:
>>     
>>>> From: Stephen Smalley [mailto:sds@tycho.nsa.gov] 
>>>>
>>>> On Thu, 2006-11-09 at 10:13 -0500, Stephen Smalley wrote:
>>>>         
>>>>> On Thu, 2006-11-09 at 09:34 -0500, Joshua Brindle wrote:
>>>>>           
>>>>> Sounds like dropping base.linked and making previous optional would 
>>>>> address the problem more effectively.  Also, do we need to keep 
>>>>> policy.kern after successful installation of policy.N?  If 
>>>>>           
>>>> not, we can 
>>>>         
>>>>> have libsemanage unlink it automatically after installation.
>>>>>           
>>>> Same question for any other file regenerated by every commit, 
>>>> although we may not get much of a savings from the others.
>>>> file_contexts.template, file_contexts, and netfilter_contexts 
>>>> are the most obvious ones.
>>>>
>>>>         
>>> Karl suggested that we can compress the policy packages but not the
>>> kernel policy. As long as this isn't a policy package format change
>>> (eg., the policy packages in /usr/share/selinux are the same they've
>>> always been) and it is only libsemanage manipulating the files in the
>>> store I'm fine with that. The module store is a private resource of
>>> libsemanage so nothing else should be affected in any way by this. 
>>>
>>>       
>> Making semodule recognize bzipped files should be pretty simple as well
>> - why wouldn't we do that to save space in /usr/share/selinux?
>>     
>
> Why do we need to keep /usr/share/selinux/$SELINUXTYPE/*.pp around
> _after_ a successful run of semodule from %post?  Why not just remove
> them after installation?  And move enableaudit.pp into a separate -debug
> package.
>
>   
Because that is not the way RPM works.  :^(  Anything in the payload 
gets left on disk, Removing them in the post would be bad and would 
screw up rpm -V.

I am planning on compressing them, and changing the post install to 
uncompress into a temp dir during install.  That way it will at least be 
less of a problem.

That along with elimination of some of the stuff in modules subdirs 
should save us a lot of space, until we get some consensus on 
compression of the pp files.

Dan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.