subject:"speeding up nodups_specs, need large fc file."

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread William Roberts

On Fri, Oct 14, 2016 at 10:32 AM, Stephen Smalley  wrote:
> On 10/14/2016 10:15 AM, William Roberts wrote:
>> Is it to be expected that checkfc would actually fail on refpolicy?
>>
>> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts
>> Error: "fs_type" is not defined in this policy.
>>
>> I could comment out the validation callback... but just wondering if
>> this is expected.
>
> Yes, you hardcoded Android-specific type attributes in checkfc,
> remember?

Now I do, I totally forgot about that.

That's fine since it is an Android-only tool.  In Linux, we
> just runs setfiles -c /path/to/policy /path/to/file_contexts to do the
> same thing, or these days sefcontext_compile -p /path/to/policy
> /path/to/file_contexts will validate it.
>
>>
>>
>> On Fri, Oct 14, 2016 at 9:08 AM, William Roberts
>>  wrote:
>>> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
>>> it only took 4 seconds.
>>>
>>> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
>>>  wrote:
 Likely not, I see it compiling version 29 and I am on ubuntu which is
 way out of date with this stuff... should I just use the checkpolicy
 from my AOSP tree?

 Or should I just install with some particular set of options from
 selinux master repo?

 On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley  
 wrote:
> On 10/14/2016 09:02 AM, William Roberts wrote:
>> Looks like make MONOLITHIC=y policy to get the binary policy file
>>
>> Is it normal for checkpolicy to take 5 minutes?
>
> No, at least not with a modern checkpolicy.  Are you using a current
> version?
>
> $ time make MONOLITHIC=y policy
> Compiling refpolicy policy.30
> /usr/bin/checkpolicy -U deny policy.conf -o policy.30
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> /usr/bin/checkpolicy:  policy configuration loaded
> /usr/bin/checkpolicy:  writing binary representation (version 30) to
> policy.30
>
> real0m3.341s
> user0m3.280s
> sys 0m0.061s
>
>>
>> >From TOP:
>> 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
>> checkpolicy
>>
>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  
>> wrote:
>>> On 10/13/2016 03:28 PM, Roberts, William C wrote:
 I was looking back at my speedup patch for nodups specs…

 http://marc.info/?l=selinux=147249024230263=2



 I was testing before with a large, generated file_context file. I was
 wondering what would be a good source for

 A desktop version of a file_contexts (textual preference as I can run
 sefcontext_compile on it) file as well as a binary

 policy file….



 Should I just use refpolicy?
>>>
>>> That's probably fine, unless you happen to have Fedora installed and can
>>> just use its file_contexts file.
>>>
>>> $ cd refpolicy
>>> $ make MONOLITHIC=y conf
>>> $ make MONOLITHIC=y file_contexts
>>> $ wc -l file_contexts
>>> 4908 file_contexts
>>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
>>> 6075 /etc/selinux/targeted/contexts/files/file_contexts
>>>
>>>
>>> ___
>>> Selinux mailing list
>>> Selinux@tycho.nsa.gov
>>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
>>> To get help, send an email containing "help" to 
>>> selinux-requ...@tycho.nsa.gov.
>>
>>
>>
>



 --
 Respectfully,

 William C Roberts
>>>
>>>
>>>
>>> --
>>> Respectfully,
>>>
>>> William C Roberts
>>
>>
>>
>



-- 
Respectfully,

William C Roberts

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread Stephen Smalley

On 10/14/2016 10:32 AM, Stephen Smalley wrote:
> On 10/14/2016 10:15 AM, William Roberts wrote:
>> Is it to be expected that checkfc would actually fail on refpolicy?
>>
>> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts
>> Error: "fs_type" is not defined in this policy.
>>
>> I could comment out the validation callback... but just wondering if
>> this is expected.
> 
> Yes, you hardcoded Android-specific type attributes in checkfc,
> remember?  That's fine since it is an Android-only tool.  In Linux, we
> just runs setfiles -c /path/to/policy /path/to/file_contexts to do the
> same thing, or these days sefcontext_compile -p /path/to/policy
> /path/to/file_contexts will validate it.

Or if you want a test program that just processes file_contexts and
looks up an entry, you can use selabel_lookup or matchpathcon from
libselinux/utils.

> 
>>
>>
>> On Fri, Oct 14, 2016 at 9:08 AM, William Roberts
>>  wrote:
>>> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
>>> it only took 4 seconds.
>>>
>>> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
>>>  wrote:
 Likely not, I see it compiling version 29 and I am on ubuntu which is
 way out of date with this stuff... should I just use the checkpolicy
 from my AOSP tree?

 Or should I just install with some particular set of options from
 selinux master repo?

 On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley  
 wrote:
> On 10/14/2016 09:02 AM, William Roberts wrote:
>> Looks like make MONOLITHIC=y policy to get the binary policy file
>>
>> Is it normal for checkpolicy to take 5 minutes?
>
> No, at least not with a modern checkpolicy.  Are you using a current
> version?
>
> $ time make MONOLITHIC=y policy
> Compiling refpolicy policy.30
> /usr/bin/checkpolicy -U deny policy.conf -o policy.30
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> /usr/bin/checkpolicy:  policy configuration loaded
> /usr/bin/checkpolicy:  writing binary representation (version 30) to
> policy.30
>
> real0m3.341s
> user0m3.280s
> sys 0m0.061s
>
>>
>> >From TOP:
>> 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
>> checkpolicy
>>
>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  
>> wrote:
>>> On 10/13/2016 03:28 PM, Roberts, William C wrote:
 I was looking back at my speedup patch for nodups specs…

 http://marc.info/?l=selinux=147249024230263=2



 I was testing before with a large, generated file_context file. I was
 wondering what would be a good source for

 A desktop version of a file_contexts (textual preference as I can run
 sefcontext_compile on it) file as well as a binary

 policy file….



 Should I just use refpolicy?
>>>
>>> That's probably fine, unless you happen to have Fedora installed and can
>>> just use its file_contexts file.
>>>
>>> $ cd refpolicy
>>> $ make MONOLITHIC=y conf
>>> $ make MONOLITHIC=y file_contexts
>>> $ wc -l file_contexts
>>> 4908 file_contexts
>>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
>>> 6075 /etc/selinux/targeted/contexts/files/file_contexts
>>>
>>>
>>> ___
>>> Selinux mailing list
>>> Selinux@tycho.nsa.gov
>>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
>>> To get help, send an email containing "help" to 
>>> selinux-requ...@tycho.nsa.gov.
>>
>>
>>
>



 --
 Respectfully,

 William C Roberts
>>>
>>>
>>>
>>> --
>>> Respectfully,
>>>
>>> William C Roberts
>>
>>
>>
> 

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread Stephen Smalley

On 10/14/2016 10:15 AM, William Roberts wrote:
> Is it to be expected that checkfc would actually fail on refpolicy?
> 
> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts
> Error: "fs_type" is not defined in this policy.
> 
> I could comment out the validation callback... but just wondering if
> this is expected.

Yes, you hardcoded Android-specific type attributes in checkfc,
remember?  That's fine since it is an Android-only tool.  In Linux, we
just runs setfiles -c /path/to/policy /path/to/file_contexts to do the
same thing, or these days sefcontext_compile -p /path/to/policy
/path/to/file_contexts will validate it.

> 
> 
> On Fri, Oct 14, 2016 at 9:08 AM, William Roberts
>  wrote:
>> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
>> it only took 4 seconds.
>>
>> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
>>  wrote:
>>> Likely not, I see it compiling version 29 and I am on ubuntu which is
>>> way out of date with this stuff... should I just use the checkpolicy
>>> from my AOSP tree?
>>>
>>> Or should I just install with some particular set of options from
>>> selinux master repo?
>>>
>>> On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley  wrote:
 On 10/14/2016 09:02 AM, William Roberts wrote:
> Looks like make MONOLITHIC=y policy to get the binary policy file
>
> Is it normal for checkpolicy to take 5 minutes?

 No, at least not with a modern checkpolicy.  Are you using a current
 version?

 $ time make MONOLITHIC=y policy
 Compiling refpolicy policy.30
 /usr/bin/checkpolicy -U deny policy.conf -o policy.30
 /usr/bin/checkpolicy:  loading policy configuration from policy.conf
 /usr/bin/checkpolicy:  policy configuration loaded
 /usr/bin/checkpolicy:  writing binary representation (version 30) to
 policy.30

 real0m3.341s
 user0m3.280s
 sys 0m0.061s

>
> >From TOP:
> 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
> checkpolicy
>
> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  
> wrote:
>> On 10/13/2016 03:28 PM, Roberts, William C wrote:
>>> I was looking back at my speedup patch for nodups specs…
>>>
>>> http://marc.info/?l=selinux=147249024230263=2
>>>
>>>
>>>
>>> I was testing before with a large, generated file_context file. I was
>>> wondering what would be a good source for
>>>
>>> A desktop version of a file_contexts (textual preference as I can run
>>> sefcontext_compile on it) file as well as a binary
>>>
>>> policy file….
>>>
>>>
>>>
>>> Should I just use refpolicy?
>>
>> That's probably fine, unless you happen to have Fedora installed and can
>> just use its file_contexts file.
>>
>> $ cd refpolicy
>> $ make MONOLITHIC=y conf
>> $ make MONOLITHIC=y file_contexts
>> $ wc -l file_contexts
>> 4908 file_contexts
>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
>> 6075 /etc/selinux/targeted/contexts/files/file_contexts
>>
>>
>> ___
>> Selinux mailing list
>> Selinux@tycho.nsa.gov
>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
>> To get help, send an email containing "help" to 
>> selinux-requ...@tycho.nsa.gov.
>
>
>

>>>
>>>
>>>
>>> --
>>> Respectfully,
>>>
>>> William C Roberts
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
> 
> 
> 

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread William Roberts

Is it to be expected that checkfc would actually fail on refpolicy?

$ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts
Error: "fs_type" is not defined in this policy.

I could comment out the validation callback... but just wondering if
this is expected.


On Fri, Oct 14, 2016 at 9:08 AM, William Roberts
 wrote:
> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
> it only took 4 seconds.
>
> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
>  wrote:
>> Likely not, I see it compiling version 29 and I am on ubuntu which is
>> way out of date with this stuff... should I just use the checkpolicy
>> from my AOSP tree?
>>
>> Or should I just install with some particular set of options from
>> selinux master repo?
>>
>> On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley  wrote:
>>> On 10/14/2016 09:02 AM, William Roberts wrote:
 Looks like make MONOLITHIC=y policy to get the binary policy file

 Is it normal for checkpolicy to take 5 minutes?
>>>
>>> No, at least not with a modern checkpolicy.  Are you using a current
>>> version?
>>>
>>> $ time make MONOLITHIC=y policy
>>> Compiling refpolicy policy.30
>>> /usr/bin/checkpolicy -U deny policy.conf -o policy.30
>>> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
>>> /usr/bin/checkpolicy:  policy configuration loaded
>>> /usr/bin/checkpolicy:  writing binary representation (version 30) to
>>> policy.30
>>>
>>> real0m3.341s
>>> user0m3.280s
>>> sys 0m0.061s
>>>

>From TOP:
 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
 checkpolicy

 On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  
 wrote:
> On 10/13/2016 03:28 PM, Roberts, William C wrote:
>> I was looking back at my speedup patch for nodups specs…
>>
>> http://marc.info/?l=selinux=147249024230263=2
>>
>>
>>
>> I was testing before with a large, generated file_context file. I was
>> wondering what would be a good source for
>>
>> A desktop version of a file_contexts (textual preference as I can run
>> sefcontext_compile on it) file as well as a binary
>>
>> policy file….
>>
>>
>>
>> Should I just use refpolicy?
>
> That's probably fine, unless you happen to have Fedora installed and can
> just use its file_contexts file.
>
> $ cd refpolicy
> $ make MONOLITHIC=y conf
> $ make MONOLITHIC=y file_contexts
> $ wc -l file_contexts
> 4908 file_contexts
> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
> 6075 /etc/selinux/targeted/contexts/files/file_contexts
>
>
> ___
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to 
> selinux-requ...@tycho.nsa.gov.



>>>
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>
>
>
> --
> Respectfully,
>
> William C Roberts



-- 
Respectfully,

William C Roberts

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread William Roberts

Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
it only took 4 seconds.

On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
 wrote:
> Likely not, I see it compiling version 29 and I am on ubuntu which is
> way out of date with this stuff... should I just use the checkpolicy
> from my AOSP tree?
>
> Or should I just install with some particular set of options from
> selinux master repo?
>
> On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley  wrote:
>> On 10/14/2016 09:02 AM, William Roberts wrote:
>>> Looks like make MONOLITHIC=y policy to get the binary policy file
>>>
>>> Is it normal for checkpolicy to take 5 minutes?
>>
>> No, at least not with a modern checkpolicy.  Are you using a current
>> version?
>>
>> $ time make MONOLITHIC=y policy
>> Compiling refpolicy policy.30
>> /usr/bin/checkpolicy -U deny policy.conf -o policy.30
>> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
>> /usr/bin/checkpolicy:  policy configuration loaded
>> /usr/bin/checkpolicy:  writing binary representation (version 30) to
>> policy.30
>>
>> real0m3.341s
>> user0m3.280s
>> sys 0m0.061s
>>
>>>
From TOP:
>>> 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
>>> checkpolicy
>>>
>>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  wrote:
 On 10/13/2016 03:28 PM, Roberts, William C wrote:
> I was looking back at my speedup patch for nodups specs…
>
> http://marc.info/?l=selinux=147249024230263=2
>
>
>
> I was testing before with a large, generated file_context file. I was
> wondering what would be a good source for
>
> A desktop version of a file_contexts (textual preference as I can run
> sefcontext_compile on it) file as well as a binary
>
> policy file….
>
>
>
> Should I just use refpolicy?

 That's probably fine, unless you happen to have Fedora installed and can
 just use its file_contexts file.

 $ cd refpolicy
 $ make MONOLITHIC=y conf
 $ make MONOLITHIC=y file_contexts
 $ wc -l file_contexts
 4908 file_contexts
 $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
 6075 /etc/selinux/targeted/contexts/files/file_contexts


 ___
 Selinux mailing list
 Selinux@tycho.nsa.gov
 To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
 To get help, send an email containing "help" to 
 selinux-requ...@tycho.nsa.gov.
>>>
>>>
>>>
>>
>
>
>
> --
> Respectfully,
>
> William C Roberts



-- 
Respectfully,

William C Roberts

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread Stephen Smalley

On 10/14/2016 09:07 AM, William Roberts wrote:
> Likely not, I see it compiling version 29 and I am on ubuntu which is
> way out of date with this stuff... should I just use the checkpolicy
> from my AOSP tree?
> 
> Or should I just install with some particular set of options from
> selinux master repo?

AOSP version should be fine.

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread William Roberts

Likely not, I see it compiling version 29 and I am on ubuntu which is
way out of date with this stuff... should I just use the checkpolicy
from my AOSP tree?

Or should I just install with some particular set of options from
selinux master repo?

On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley  wrote:
> On 10/14/2016 09:02 AM, William Roberts wrote:
>> Looks like make MONOLITHIC=y policy to get the binary policy file
>>
>> Is it normal for checkpolicy to take 5 minutes?
>
> No, at least not with a modern checkpolicy.  Are you using a current
> version?
>
> $ time make MONOLITHIC=y policy
> Compiling refpolicy policy.30
> /usr/bin/checkpolicy -U deny policy.conf -o policy.30
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> /usr/bin/checkpolicy:  policy configuration loaded
> /usr/bin/checkpolicy:  writing binary representation (version 30) to
> policy.30
>
> real0m3.341s
> user0m3.280s
> sys 0m0.061s
>
>>
>>>From TOP:
>> 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
>> checkpolicy
>>
>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  wrote:
>>> On 10/13/2016 03:28 PM, Roberts, William C wrote:
 I was looking back at my speedup patch for nodups specs…

 http://marc.info/?l=selinux=147249024230263=2



 I was testing before with a large, generated file_context file. I was
 wondering what would be a good source for

 A desktop version of a file_contexts (textual preference as I can run
 sefcontext_compile on it) file as well as a binary

 policy file….



 Should I just use refpolicy?
>>>
>>> That's probably fine, unless you happen to have Fedora installed and can
>>> just use its file_contexts file.
>>>
>>> $ cd refpolicy
>>> $ make MONOLITHIC=y conf
>>> $ make MONOLITHIC=y file_contexts
>>> $ wc -l file_contexts
>>> 4908 file_contexts
>>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
>>> 6075 /etc/selinux/targeted/contexts/files/file_contexts
>>>
>>>
>>> ___
>>> Selinux mailing list
>>> Selinux@tycho.nsa.gov
>>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
>>> To get help, send an email containing "help" to 
>>> selinux-requ...@tycho.nsa.gov.
>>
>>
>>
>



-- 
Respectfully,

William C Roberts

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-14 Thread Stephen Smalley

On 10/14/2016 09:02 AM, William Roberts wrote:
> Looks like make MONOLITHIC=y policy to get the binary policy file
> 
> Is it normal for checkpolicy to take 5 minutes?

No, at least not with a modern checkpolicy.  Are you using a current
version?

$ time make MONOLITHIC=y policy
Compiling refpolicy policy.30
/usr/bin/checkpolicy -U deny policy.conf -o policy.30
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
/usr/bin/checkpolicy:  policy configuration loaded
/usr/bin/checkpolicy:  writing binary representation (version 30) to
policy.30

real0m3.341s
user0m3.280s
sys 0m0.061s

> 
>>From TOP:
> 31178 wcrobert  20   0  812552 751940   1628 R 100.0  4.6   4:47.36
> checkpolicy
> 
> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley  wrote:
>> On 10/13/2016 03:28 PM, Roberts, William C wrote:
>>> I was looking back at my speedup patch for nodups specs…
>>>
>>> http://marc.info/?l=selinux=147249024230263=2
>>>
>>>
>>>
>>> I was testing before with a large, generated file_context file. I was
>>> wondering what would be a good source for
>>>
>>> A desktop version of a file_contexts (textual preference as I can run
>>> sefcontext_compile on it) file as well as a binary
>>>
>>> policy file….
>>>
>>>
>>>
>>> Should I just use refpolicy?
>>
>> That's probably fine, unless you happen to have Fedora installed and can
>> just use its file_contexts file.
>>
>> $ cd refpolicy
>> $ make MONOLITHIC=y conf
>> $ make MONOLITHIC=y file_contexts
>> $ wc -l file_contexts
>> 4908 file_contexts
>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts
>> 6075 /etc/selinux/targeted/contexts/files/file_contexts
>>
>>
>> ___
>> Selinux mailing list
>> Selinux@tycho.nsa.gov
>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
>> To get help, send an email containing "help" to 
>> selinux-requ...@tycho.nsa.gov.
> 
> 
> 

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

2016-10-13 Thread Stephen Smalley

On 10/13/2016 03:28 PM, Roberts, William C wrote:
> I was looking back at my speedup patch for nodups specs…
> 
> http://marc.info/?l=selinux=147249024230263=2
> 
>  
> 
> I was testing before with a large, generated file_context file. I was
> wondering what would be a good source for
> 
> A desktop version of a file_contexts (textual preference as I can run
> sefcontext_compile on it) file as well as a binary
> 
> policy file….
> 
>  
> 
> Should I just use refpolicy?

That's probably fine, unless you happen to have Fedora installed and can
just use its file_contexts file.

$ cd refpolicy
$ make MONOLITHIC=y conf
$ make MONOLITHIC=y file_contexts
$ wc -l file_contexts
4908 file_contexts
$ wc -l /etc/selinux/targeted/contexts/files/file_contexts
6075 /etc/selinux/targeted/contexts/files/file_contexts


___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

speeding up nodups_specs, need large fc file.

2016-10-13 Thread Roberts, William C

I was looking back at my speedup patch for nodups specs...
http://marc.info/?l=selinux=147249024230263=2

I was testing before with a large, generated file_context file. I was wondering 
what would be a good source for
A desktop version of a file_contexts (textual preference as I can run 
sefcontext_compile on it) file as well as a binary
policy file

Should I just use refpolicy?

Bill
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

Re: speeding up nodups_specs, need large fc file.

speeding up nodups_specs, need large fc file.

10 matches

Site Navigation

Mail list logo

Footer information