authorPhilip Tricca <flihp@twobit.us>2013-10-21 18:06:52 +0000
committerJoe MacDonald <joe@deserted.net>2013-12-05 09:03:41 -0500
commitd549fef3f4c41140b8f74263724deb75c9b5908e (patch)
tree510ab7ed6577036d7a01605012b7a30f6c768718
parentef44ec6d282b012c12e7f464e38407cb07ed0459 (diff)
downloadmeta-selinux-d549fef3f4c41140b8f74263724deb75c9b5908e.tar.gz
bzip SELinux policy modules in ${datadir}
The 'semodule' utility can operate on compressed modules, so the only cost of this change is a slower module load time when invoking 'semodule -i' on a running system (increased CPU load due to bzip2). That said, my tests show more than 100M reduction in ext3 image size of core-image-selinux. This last metric is a bit skewed as the image includes two policies. Still, a reduction in the size of the refpolicy package by 1/2 is significant. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r--recipes-security/refpolicy/refpolicy_common.inc9
1 files changed, 5 insertions, 4 deletions
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 2ee42e1..b46903f 100644
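--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -12,7 +12,7 @@ SRC_URI += "file://customizable_types \
 S = "${WORKDIR}/refpolicy"
 
 FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
- ${datadir}/selinux/${POLICY_NAME}/*.pp"
+ ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2"
 FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
 
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
@@ -79,11 +79,12 @@ EOF
  mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
  mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
  touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
- bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \
- ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
  for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+ bzip2 $i
  if [ "`basename $i`" != "base.pp" ]; then
- bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+ else
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
  fi
  done
 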
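Review bot: The new `bzip2 $i` at the top of the loop body compresses each module in place with `$i` unquoted and no explicit failure handling, yet both `cp ${i}.bz2 …` lines depend on it having succeeded. bzip2 refuses to overwrite an existing `.bz2`, so a re-run of this step against an already populated `${D}` would fail there; whether that aborts the task depends on shell options not visible in the hunk. A module missing from `modules/active` changes the policy the image ships, so the step should fail loudly: `bzip2 -f "$i" || exit 1`, with `"$(basename "$i")"` replacing the backtick form in the test and in both `cp` targets. A one-line comment that files in the active store keep the `.pp` name while holding bzip2 data would also help the next reader. The enclosing install function starts and ends outside the hunk.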