Re: I am thinking of adding compression to libselinux

2013-09-12 Thread kaperang07 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Basically looking at compressing the policy file to shrink SELinux footprint
 in the minimal install/cloud image.
 
 Currently the policy modules (pp files) are shipped with bzip compression but
 the actually policy file.
 
 But the /etc/selinux/targeted/policy/policy.29 is not compressed. systemd and
 load_policy use libselinux to read in the policy file and load it into the
 kernel, so since systemd currently uses libxz, I figured this would be the
 best solution to add libxz support to libselinux.
 
 ls -l /etc/selinux/targeted/policy/policy.29*
 - -rw-r--r--. 1 root root 2703245 Sep 11 13:56
 /etc/selinux/targeted/policy/policy.29
 - -rw-r--r--. 1 root root 395072 Sep 11 13:56
 /etc/selinux/targeted/policy/policy.29.xz
 
 Worth the effort?
 
 Should I use a different algorithm?
 
 Advise on using libxz? Keep memory small?
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.14 (GNU/Linux)
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
 
 iEYEARECAAYFAlIxqzoACgkQrlYvE4MpobMnkACgk+NeEeHuFSECZwoHF9B3UmTb
 fCYAn2BfSemECcSPXIxCd7OCSkyIOXgO
 =ZD3h
 -END PGP SIGNATURE-
 -- 
 devel mailing list
 devel@lists.fedoraproject.org
 https://admin.fedoraproject.org/mailman/listinfo/devel
 Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

If the loss of time when loading selinux-policy (not a one policy module, but 
all of them) will not be large, it is worth it :)-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Re: Proposed F19 Feature: First-Class Cloud Images

2013-01-25 Thread kaperang07 
 On Fri, Jan 25, 2013 at 11:58:18AM +0100, Christophe Fergeau wrote:
  First time I hear of cloud-init, so as far as I know no one looked into
  Boxes integration (though this could be nice).
 
 For Boxes, it might be nice if ~/.ssh/id_rsa.pub were provided by default
 (configurable, of course).
 
 
 -- 
 Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁  mat...@fedoraproject.org 
 -- 
 devel mailing list
 devel@lists.fedoraproject.org
 https://admin.fedoraproject.org/mailman/listinfo/devel
 -- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Re: Proposed F19 Feature: Fedora Upgrade - using yum

2013-01-25 Thread kaperang07 
 On 01/24/2013 06:12 PM, Lennart Poettering wrote:
  If you restart any of those you bring down the entire machine basically,
  or bring down at least the bits you really want to avoid, i.e. the
  user's sessions...
 
  Then all code that runs that is not a system service is difficult to
  restart from a system script. How do you plan to restart Evolution or
  Firefox, or Gimp?
 ...
  Of course, you could tell the user as last step of your script to
  please reboot now, but if you do that your update isn't online
  anymore, but is awfully close to real offline upgrades, except that
  during the upgrade period you have a ton of processes around that might
  be seriously confused by not being able to find their own resources
  anymore or in wrong versions...
 
 This is a pessimistic view but I think it's not as intractable.
 
 There are two separate aspects to it: discovery what needs to be 
 restarted, and the actual process of restarting. The discovery is almost 
 there: we know the resources (libs, files, etc) that were replaced, so 
 it's a matter of walking the list of running processes and checking if 
 they depend on those resources. I can see how transient I/O, including 
 dlopen() could be tricky, but I don't think it's fundamentally 
 impossible---at worst, it'd be implementing some sort of 
 /proc/1234/history-of-opened-fd mechanism.
 
 That leaves the restarting: again it seems to me that is not as hopeless 
 as you make it sound, either: kernel is hardest but even there people 
 are working on ksplice. Many services are designed to be restarted, like 
 DHCPD which doesn't even have an online reload but has to be bounced if 
 the DHCP data file changes.
 
 Regular process restart is of course application dependent, but e.g. 
 Firefox actually restarts relatively graciously: I just killed mine and 
 the new instance reopened all my tabs (a pleasant surprise--I expected 
 the Restore Session (Well this is embarrassing) window I was used to). 
 Maybe there is a couple of classes that the restart falls into:
 
 - no problems restarting anytime
 
 - availability problems but no data loss on restart (easy restart but 
 maybe needs user confirmation)
 
 - some out-of-process support needed (file rotation/cleanup, etc)
 
 - user intervention required (saving files, etc).
 
 
 I believe that seamless upgrades are an attractive goal. I am not 
 arguing for infinite upgrades---only a fresh install can guarantee 
 getting all new technologies that one wouldn't get through upgrades 
 because they may not even existed at the original installation. My point 
 is that the reinstall decision should be in principle driven by the 
 user, not by the OS release schedule.
 
 
 
 -- 
 devel mailing list
 devel@lists.fedoraproject.org
 https://admin.fedoraproject.org/mailman/listinfo/devel
 -- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel