On Mon, 24 Sep 2007 18:21:16 -0500, Mike McCarty <[EMAIL PROTECTED]> said:
> Manoj Srivastava wrote: >> On Sun, 23 Sep 2007 11:14:57 -0400, Douglas A Tutty >> <[EMAIL PROTECTED]> said: >> >>> On small systems, what about the penalty of just larger binaries? I >>> have some older boxes with 16-64 MB ram. >> >> Firstly: Very few packages have been actively patched to link > Something like 50 or so. ls, mv, cp, etc. Source packages. All those are from coreutils, no? >> with selinux. Second, the selinux libraries are shared libs -- so the >> actual binary is not significantly increased in size (well, dpkg is >> the exception, since it is linked statically with selinux). > It does have to be in memory, however. >> My Pentium II box with 64MB of ram seems to run in SELinux strict >> mode just fine -- it is my firewall. > Good for you. Right. But a few hundred KB in memory is a smallish penalty, and even 708 old hardware seems to be running it fine for me. manoj -- "The chain which can be yanked is not the eternal chain." Fitch Manoj Srivastava <[EMAIL PROTECTED]> <http://www.golden-gryphon.com/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]