selinux/libsepol
Ondrej Mosnacek b8213acff8 libsepol: add a function to optimize kernel policy
Add sepol_policydb_optimize(), which checks a kernel policy for
redundant rules (i.e. those that are covered by an existing more general
rule) and removes them.

Results on Fedora 29 policy:

WITHOUT OPTIMIZATION:
    # time semodule -B
    real    0m21,280s
    user    0m18,636s
    sys     0m2,525s

    $ wc -c /sys/fs/selinux/policy
    8692158 /sys/fs/selinux/policy

    $ seinfo (edited)
      Allow:            113159
      Dontaudit:         10297
      Total:            123156

WITH OPTIMIZATION ENABLED:
    # time semodule -B
    real    0m22,825s
    user    0m20,178s
    sys     0m2,520s

    $ wc -c /sys/fs/selinux/policy
    8096158 /sys/fs/selinux/policy

    $ seinfo (edited)
      Allow:             66334
      Dontaudit:          7480
      Total:             73814

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2019-06-25 10:11:00 -04:00
cil libsepol/cil: fix mlsconstrain segfault 2019-06-19 09:01:23 -07:00
include libsepol: add a function to optimize kernel policy 2019-06-25 10:11:00 -04:00
man Allow installing translated man pages 2019-01-28 12:03:57 +01:00
src libsepol: add a function to optimize kernel policy 2019-06-25 10:11:00 -04:00
tests libsepol: add ebitmap_for_each_set_bit macro 2019-05-20 14:00:32 -04:00
utils libsepol: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 15:59:36 +01:00
.gitignore libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
COPYING
Makefile libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
VERSION Update VERSIONs to 2.9 for release. 2019-03-15 11:32:30 +01:00