From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4559D697.4080800@redhat.com>
Date: Tue, 14 Nov 2006 09:45:43 -0500
From: Daniel J Walsh
MIME-Version: 1.0
To: Stephen Smalley
CC: Karl MacMillan, Joshua Brindle, SE Linux
Subject: Re: I would like to propose that we add compression to handle allpolicy files on disk.
References: <6FE441CD9F0C0C479F2D88F959B01588514F17@exchange.columbia.tresys.com> <1163097830.32083.52.camel@localhost.localdomain> <1163106106.12241.399.camel@moss-spartans.epoch.ncsc.mil>
In-Reply-To: <1163106106.12241.399.camel@moss-spartans.epoch.ncsc.mil>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

Stephen Smalley wrote:
> On Thu, 2006-11-09 at 13:43 -0500, Karl MacMillan wrote:
>
>> On Thu, 2006-11-09 at 12:00 -0500, Joshua Brindle wrote:
>>
>>>> From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
>>>>
>>>> On Thu, 2006-11-09 at 10:13 -0500, Stephen Smalley wrote:
>>>>
>>>>> On Thu, 2006-11-09 at 09:34 -0500, Joshua Brindle wrote:
>>>>>
>>>>> Sounds like dropping base.linked and making previous optional would
>>>>> address the problem more effectively. Also, do we need to keep
>>>>> policy.kern after successful installation of policy.N? If not, we can
>>>>> have libsemanage unlink it automatically after installation.
>>>>>
>>>> Same question for any other file regenerated by every commit,
>>>> although we may not get much of a savings from the others.
>>>> file_contexts.template, file_contexts, and netfilter_contexts
>>>> are the most obvious ones.
>>>>
>>> Karl suggested that we can compress the policy packages but not the
>>> kernel policy. As long as this isn't a policy package format change
>>> (eg., the policy packages in /usr/share/selinux are the same they've
>>> always been) and it is only libsemanage manipulating the files in the
>>> store I'm fine with that. The module store is a private resource of
>>> libsemanage so nothing else should be affected in any way by this.
>>>
>> Making semodule recognize bzipped files should be pretty simple as well
>> - why wouldn't we do that to save space in /usr/share/selinux?
>>
>
> Why do we need to keep /usr/share/selinux/$SELINUXTYPE/*.pp around
> _after_ a successful run of semodule from %post? Why not just remove
> them after installation? And move enableaudit.pp into a separate -debug
> package.
>

Because that is not the way RPM works. :^( Anything in the payload gets left on disk. Removing them in the post would be bad and would screw up rpm -V.

I am planning on compressing them, and changing the post install to uncompress into a temp dir during install. That way it will at least be less of a problem. That along with elimination of some of the stuff in modules subdirs should save us a lot of space, until we get some consensus on compression of the pp files.

Dan