Re: speeding up nodups_specs, need large fc file.
On Fri, Oct 14, 2016 at 10:32 AM, Stephen Smalley wrote: > On 10/14/2016 10:15 AM, William Roberts wrote: >> Is it to be expected that checkfc would actually fail on refpolicy? >> >> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts >> Error: "fs_type" is not defined in this policy. >> >> I could comment out the validation callback... but just wondering if >> this is expected. > > Yes, you hardcoded Android-specific type attributes in checkfc, > remember? Now I do, I totally forgot about that. That's fine since it is an Android-only tool. In Linux, we > just runs setfiles -c /path/to/policy /path/to/file_contexts to do the > same thing, or these days sefcontext_compile -p /path/to/policy > /path/to/file_contexts will validate it. > >> >> >> On Fri, Oct 14, 2016 at 9:08 AM, William Roberts >> wrote: >>> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and >>> it only took 4 seconds. >>> >>> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts >>> wrote: Likely not, I see it compiling version 29 and I am on ubuntu which is way out of date with this stuff... should I just use the checkpolicy from my AOSP tree? Or should I just install with some particular set of options from selinux master repo? On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley wrote: > On 10/14/2016 09:02 AM, William Roberts wrote: >> Looks like make MONOLITHIC=y policy to get the binary policy file >> >> Is it normal for checkpolicy to take 5 minutes? > > No, at least not with a modern checkpolicy. Are you using a current > version? > > $ time make MONOLITHIC=y policy > Compiling refpolicy policy.30 > /usr/bin/checkpolicy -U deny policy.conf -o policy.30 > /usr/bin/checkpolicy: loading policy configuration from policy.conf > /usr/bin/checkpolicy: policy configuration loaded > /usr/bin/checkpolicy: writing binary representation (version 30) to > policy.30 > > real0m3.341s > user0m3.280s > sys 0m0.061s > >> >> >From TOP: >> 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 >> checkpolicy >> >> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley >> wrote: >>> On 10/13/2016 03:28 PM, Roberts, William C wrote: I was looking back at my speedup patch for nodups specs… http://marc.info/?l=selinux&m=147249024230263&w=2 I was testing before with a large, generated file_context file. I was wondering what would be a good source for A desktop version of a file_contexts (textual preference as I can run sefcontext_compile on it) file as well as a binary policy file…. Should I just use refpolicy? >>> >>> That's probably fine, unless you happen to have Fedora installed and can >>> just use its file_contexts file. >>> >>> $ cd refpolicy >>> $ make MONOLITHIC=y conf >>> $ make MONOLITHIC=y file_contexts >>> $ wc -l file_contexts >>> 4908 file_contexts >>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >>> 6075 /etc/selinux/targeted/contexts/files/file_contexts >>> >>> >>> ___ >>> Selinux mailing list >>> Selinux@tycho.nsa.gov >>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov. >>> To get help, send an email containing "help" to >>> selinux-requ...@tycho.nsa.gov. >> >> >> > -- Respectfully, William C Roberts >>> >>> >>> >>> -- >>> Respectfully, >>> >>> William C Roberts >> >> >> > -- Respectfully, William C Roberts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
On 10/14/2016 10:32 AM, Stephen Smalley wrote: > On 10/14/2016 10:15 AM, William Roberts wrote: >> Is it to be expected that checkfc would actually fail on refpolicy? >> >> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts >> Error: "fs_type" is not defined in this policy. >> >> I could comment out the validation callback... but just wondering if >> this is expected. > > Yes, you hardcoded Android-specific type attributes in checkfc, > remember? That's fine since it is an Android-only tool. In Linux, we > just runs setfiles -c /path/to/policy /path/to/file_contexts to do the > same thing, or these days sefcontext_compile -p /path/to/policy > /path/to/file_contexts will validate it. Or if you want a test program that just processes file_contexts and looks up an entry, you can use selabel_lookup or matchpathcon from libselinux/utils. > >> >> >> On Fri, Oct 14, 2016 at 9:08 AM, William Roberts >> wrote: >>> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and >>> it only took 4 seconds. >>> >>> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts >>> wrote: Likely not, I see it compiling version 29 and I am on ubuntu which is way out of date with this stuff... should I just use the checkpolicy from my AOSP tree? Or should I just install with some particular set of options from selinux master repo? On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley wrote: > On 10/14/2016 09:02 AM, William Roberts wrote: >> Looks like make MONOLITHIC=y policy to get the binary policy file >> >> Is it normal for checkpolicy to take 5 minutes? > > No, at least not with a modern checkpolicy. Are you using a current > version? > > $ time make MONOLITHIC=y policy > Compiling refpolicy policy.30 > /usr/bin/checkpolicy -U deny policy.conf -o policy.30 > /usr/bin/checkpolicy: loading policy configuration from policy.conf > /usr/bin/checkpolicy: policy configuration loaded > /usr/bin/checkpolicy: writing binary representation (version 30) to > policy.30 > > real0m3.341s > user0m3.280s > sys 0m0.061s > >> >> >From TOP: >> 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 >> checkpolicy >> >> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley >> wrote: >>> On 10/13/2016 03:28 PM, Roberts, William C wrote: I was looking back at my speedup patch for nodups specs… http://marc.info/?l=selinux&m=147249024230263&w=2 I was testing before with a large, generated file_context file. I was wondering what would be a good source for A desktop version of a file_contexts (textual preference as I can run sefcontext_compile on it) file as well as a binary policy file…. Should I just use refpolicy? >>> >>> That's probably fine, unless you happen to have Fedora installed and can >>> just use its file_contexts file. >>> >>> $ cd refpolicy >>> $ make MONOLITHIC=y conf >>> $ make MONOLITHIC=y file_contexts >>> $ wc -l file_contexts >>> 4908 file_contexts >>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >>> 6075 /etc/selinux/targeted/contexts/files/file_contexts >>> >>> >>> ___ >>> Selinux mailing list >>> Selinux@tycho.nsa.gov >>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov. >>> To get help, send an email containing "help" to >>> selinux-requ...@tycho.nsa.gov. >> >> >> > -- Respectfully, William C Roberts >>> >>> >>> >>> -- >>> Respectfully, >>> >>> William C Roberts >> >> >> > ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
On 10/14/2016 10:15 AM, William Roberts wrote: > Is it to be expected that checkfc would actually fail on refpolicy? > > $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts > Error: "fs_type" is not defined in this policy. > > I could comment out the validation callback... but just wondering if > this is expected. Yes, you hardcoded Android-specific type attributes in checkfc, remember? That's fine since it is an Android-only tool. In Linux, we just runs setfiles -c /path/to/policy /path/to/file_contexts to do the same thing, or these days sefcontext_compile -p /path/to/policy /path/to/file_contexts will validate it. > > > On Fri, Oct 14, 2016 at 9:08 AM, William Roberts > wrote: >> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and >> it only took 4 seconds. >> >> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts >> wrote: >>> Likely not, I see it compiling version 29 and I am on ubuntu which is >>> way out of date with this stuff... should I just use the checkpolicy >>> from my AOSP tree? >>> >>> Or should I just install with some particular set of options from >>> selinux master repo? >>> >>> On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley wrote: On 10/14/2016 09:02 AM, William Roberts wrote: > Looks like make MONOLITHIC=y policy to get the binary policy file > > Is it normal for checkpolicy to take 5 minutes? No, at least not with a modern checkpolicy. Are you using a current version? $ time make MONOLITHIC=y policy Compiling refpolicy policy.30 /usr/bin/checkpolicy -U deny policy.conf -o policy.30 /usr/bin/checkpolicy: loading policy configuration from policy.conf /usr/bin/checkpolicy: policy configuration loaded /usr/bin/checkpolicy: writing binary representation (version 30) to policy.30 real0m3.341s user0m3.280s sys 0m0.061s > > >From TOP: > 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 > checkpolicy > > On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley > wrote: >> On 10/13/2016 03:28 PM, Roberts, William C wrote: >>> I was looking back at my speedup patch for nodups specs… >>> >>> http://marc.info/?l=selinux&m=147249024230263&w=2 >>> >>> >>> >>> I was testing before with a large, generated file_context file. I was >>> wondering what would be a good source for >>> >>> A desktop version of a file_contexts (textual preference as I can run >>> sefcontext_compile on it) file as well as a binary >>> >>> policy file…. >>> >>> >>> >>> Should I just use refpolicy? >> >> That's probably fine, unless you happen to have Fedora installed and can >> just use its file_contexts file. >> >> $ cd refpolicy >> $ make MONOLITHIC=y conf >> $ make MONOLITHIC=y file_contexts >> $ wc -l file_contexts >> 4908 file_contexts >> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >> 6075 /etc/selinux/targeted/contexts/files/file_contexts >> >> >> ___ >> Selinux mailing list >> Selinux@tycho.nsa.gov >> To unsubscribe, send email to selinux-le...@tycho.nsa.gov. >> To get help, send an email containing "help" to >> selinux-requ...@tycho.nsa.gov. > > > >>> >>> >>> >>> -- >>> Respectfully, >>> >>> William C Roberts >> >> >> >> -- >> Respectfully, >> >> William C Roberts > > > ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
Is it to be expected that checkfc would actually fail on refpolicy? $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts Error: "fs_type" is not defined in this policy. I could comment out the validation callback... but just wondering if this is expected. On Fri, Oct 14, 2016 at 9:08 AM, William Roberts wrote: > Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and > it only took 4 seconds. > > On Fri, Oct 14, 2016 at 9:07 AM, William Roberts > wrote: >> Likely not, I see it compiling version 29 and I am on ubuntu which is >> way out of date with this stuff... should I just use the checkpolicy >> from my AOSP tree? >> >> Or should I just install with some particular set of options from >> selinux master repo? >> >> On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley wrote: >>> On 10/14/2016 09:02 AM, William Roberts wrote: Looks like make MONOLITHIC=y policy to get the binary policy file Is it normal for checkpolicy to take 5 minutes? >>> >>> No, at least not with a modern checkpolicy. Are you using a current >>> version? >>> >>> $ time make MONOLITHIC=y policy >>> Compiling refpolicy policy.30 >>> /usr/bin/checkpolicy -U deny policy.conf -o policy.30 >>> /usr/bin/checkpolicy: loading policy configuration from policy.conf >>> /usr/bin/checkpolicy: policy configuration loaded >>> /usr/bin/checkpolicy: writing binary representation (version 30) to >>> policy.30 >>> >>> real0m3.341s >>> user0m3.280s >>> sys 0m0.061s >>> >From TOP: 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 checkpolicy On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley wrote: > On 10/13/2016 03:28 PM, Roberts, William C wrote: >> I was looking back at my speedup patch for nodups specs… >> >> http://marc.info/?l=selinux&m=147249024230263&w=2 >> >> >> >> I was testing before with a large, generated file_context file. I was >> wondering what would be a good source for >> >> A desktop version of a file_contexts (textual preference as I can run >> sefcontext_compile on it) file as well as a binary >> >> policy file…. >> >> >> >> Should I just use refpolicy? > > That's probably fine, unless you happen to have Fedora installed and can > just use its file_contexts file. > > $ cd refpolicy > $ make MONOLITHIC=y conf > $ make MONOLITHIC=y file_contexts > $ wc -l file_contexts > 4908 file_contexts > $ wc -l /etc/selinux/targeted/contexts/files/file_contexts > 6075 /etc/selinux/targeted/contexts/files/file_contexts > > > ___ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > selinux-requ...@tycho.nsa.gov. >>> >> >> >> >> -- >> Respectfully, >> >> William C Roberts > > > > -- > Respectfully, > > William C Roberts -- Respectfully, William C Roberts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and it only took 4 seconds. On Fri, Oct 14, 2016 at 9:07 AM, William Roberts wrote: > Likely not, I see it compiling version 29 and I am on ubuntu which is > way out of date with this stuff... should I just use the checkpolicy > from my AOSP tree? > > Or should I just install with some particular set of options from > selinux master repo? > > On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley wrote: >> On 10/14/2016 09:02 AM, William Roberts wrote: >>> Looks like make MONOLITHIC=y policy to get the binary policy file >>> >>> Is it normal for checkpolicy to take 5 minutes? >> >> No, at least not with a modern checkpolicy. Are you using a current >> version? >> >> $ time make MONOLITHIC=y policy >> Compiling refpolicy policy.30 >> /usr/bin/checkpolicy -U deny policy.conf -o policy.30 >> /usr/bin/checkpolicy: loading policy configuration from policy.conf >> /usr/bin/checkpolicy: policy configuration loaded >> /usr/bin/checkpolicy: writing binary representation (version 30) to >> policy.30 >> >> real0m3.341s >> user0m3.280s >> sys 0m0.061s >> >>> From TOP: >>> 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 >>> checkpolicy >>> >>> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley wrote: On 10/13/2016 03:28 PM, Roberts, William C wrote: > I was looking back at my speedup patch for nodups specs… > > http://marc.info/?l=selinux&m=147249024230263&w=2 > > > > I was testing before with a large, generated file_context file. I was > wondering what would be a good source for > > A desktop version of a file_contexts (textual preference as I can run > sefcontext_compile on it) file as well as a binary > > policy file…. > > > > Should I just use refpolicy? That's probably fine, unless you happen to have Fedora installed and can just use its file_contexts file. $ cd refpolicy $ make MONOLITHIC=y conf $ make MONOLITHIC=y file_contexts $ wc -l file_contexts 4908 file_contexts $ wc -l /etc/selinux/targeted/contexts/files/file_contexts 6075 /etc/selinux/targeted/contexts/files/file_contexts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov. >>> >>> >>> >> > > > > -- > Respectfully, > > William C Roberts -- Respectfully, William C Roberts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
On 10/14/2016 09:07 AM, William Roberts wrote: > Likely not, I see it compiling version 29 and I am on ubuntu which is > way out of date with this stuff... should I just use the checkpolicy > from my AOSP tree? > > Or should I just install with some particular set of options from > selinux master repo? AOSP version should be fine. ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
Likely not, I see it compiling version 29 and I am on ubuntu which is way out of date with this stuff... should I just use the checkpolicy from my AOSP tree? Or should I just install with some particular set of options from selinux master repo? On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley wrote: > On 10/14/2016 09:02 AM, William Roberts wrote: >> Looks like make MONOLITHIC=y policy to get the binary policy file >> >> Is it normal for checkpolicy to take 5 minutes? > > No, at least not with a modern checkpolicy. Are you using a current > version? > > $ time make MONOLITHIC=y policy > Compiling refpolicy policy.30 > /usr/bin/checkpolicy -U deny policy.conf -o policy.30 > /usr/bin/checkpolicy: loading policy configuration from policy.conf > /usr/bin/checkpolicy: policy configuration loaded > /usr/bin/checkpolicy: writing binary representation (version 30) to > policy.30 > > real0m3.341s > user0m3.280s > sys 0m0.061s > >> >>>From TOP: >> 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 >> checkpolicy >> >> On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley wrote: >>> On 10/13/2016 03:28 PM, Roberts, William C wrote: I was looking back at my speedup patch for nodups specs… http://marc.info/?l=selinux&m=147249024230263&w=2 I was testing before with a large, generated file_context file. I was wondering what would be a good source for A desktop version of a file_contexts (textual preference as I can run sefcontext_compile on it) file as well as a binary policy file…. Should I just use refpolicy? >>> >>> That's probably fine, unless you happen to have Fedora installed and can >>> just use its file_contexts file. >>> >>> $ cd refpolicy >>> $ make MONOLITHIC=y conf >>> $ make MONOLITHIC=y file_contexts >>> $ wc -l file_contexts >>> 4908 file_contexts >>> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >>> 6075 /etc/selinux/targeted/contexts/files/file_contexts >>> >>> >>> ___ >>> Selinux mailing list >>> Selinux@tycho.nsa.gov >>> To unsubscribe, send email to selinux-le...@tycho.nsa.gov. >>> To get help, send an email containing "help" to >>> selinux-requ...@tycho.nsa.gov. >> >> >> > -- Respectfully, William C Roberts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
On 10/14/2016 09:02 AM, William Roberts wrote: > Looks like make MONOLITHIC=y policy to get the binary policy file > > Is it normal for checkpolicy to take 5 minutes? No, at least not with a modern checkpolicy. Are you using a current version? $ time make MONOLITHIC=y policy Compiling refpolicy policy.30 /usr/bin/checkpolicy -U deny policy.conf -o policy.30 /usr/bin/checkpolicy: loading policy configuration from policy.conf /usr/bin/checkpolicy: policy configuration loaded /usr/bin/checkpolicy: writing binary representation (version 30) to policy.30 real0m3.341s user0m3.280s sys 0m0.061s > >>From TOP: > 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 > checkpolicy > > On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley wrote: >> On 10/13/2016 03:28 PM, Roberts, William C wrote: >>> I was looking back at my speedup patch for nodups specs… >>> >>> http://marc.info/?l=selinux&m=147249024230263&w=2 >>> >>> >>> >>> I was testing before with a large, generated file_context file. I was >>> wondering what would be a good source for >>> >>> A desktop version of a file_contexts (textual preference as I can run >>> sefcontext_compile on it) file as well as a binary >>> >>> policy file…. >>> >>> >>> >>> Should I just use refpolicy? >> >> That's probably fine, unless you happen to have Fedora installed and can >> just use its file_contexts file. >> >> $ cd refpolicy >> $ make MONOLITHIC=y conf >> $ make MONOLITHIC=y file_contexts >> $ wc -l file_contexts >> 4908 file_contexts >> $ wc -l /etc/selinux/targeted/contexts/files/file_contexts >> 6075 /etc/selinux/targeted/contexts/files/file_contexts >> >> >> ___ >> Selinux mailing list >> Selinux@tycho.nsa.gov >> To unsubscribe, send email to selinux-le...@tycho.nsa.gov. >> To get help, send an email containing "help" to >> selinux-requ...@tycho.nsa.gov. > > > ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
Looks like make MONOLITHIC=y policy to get the binary policy file Is it normal for checkpolicy to take 5 minutes? From TOP: 31178 wcrobert 20 0 812552 751940 1628 R 100.0 4.6 4:47.36 checkpolicy On Thu, Oct 13, 2016 at 4:37 PM, Stephen Smalley wrote: > On 10/13/2016 03:28 PM, Roberts, William C wrote: >> I was looking back at my speedup patch for nodups specs… >> >> http://marc.info/?l=selinux&m=147249024230263&w=2 >> >> >> >> I was testing before with a large, generated file_context file. I was >> wondering what would be a good source for >> >> A desktop version of a file_contexts (textual preference as I can run >> sefcontext_compile on it) file as well as a binary >> >> policy file…. >> >> >> >> Should I just use refpolicy? > > That's probably fine, unless you happen to have Fedora installed and can > just use its file_contexts file. > > $ cd refpolicy > $ make MONOLITHIC=y conf > $ make MONOLITHIC=y file_contexts > $ wc -l file_contexts > 4908 file_contexts > $ wc -l /etc/selinux/targeted/contexts/files/file_contexts > 6075 /etc/selinux/targeted/contexts/files/file_contexts > > > ___ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov. -- Respectfully, William C Roberts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: speeding up nodups_specs, need large fc file.
On 10/13/2016 03:28 PM, Roberts, William C wrote: > I was looking back at my speedup patch for nodups specs… > > http://marc.info/?l=selinux&m=147249024230263&w=2 > > > > I was testing before with a large, generated file_context file. I was > wondering what would be a good source for > > A desktop version of a file_contexts (textual preference as I can run > sefcontext_compile on it) file as well as a binary > > policy file…. > > > > Should I just use refpolicy? That's probably fine, unless you happen to have Fedora installed and can just use its file_contexts file. $ cd refpolicy $ make MONOLITHIC=y conf $ make MONOLITHIC=y file_contexts $ wc -l file_contexts 4908 file_contexts $ wc -l /etc/selinux/targeted/contexts/files/file_contexts 6075 /etc/selinux/targeted/contexts/files/file_contexts ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
speeding up nodups_specs, need large fc file.
I was looking back at my speedup patch for nodups specs... http://marc.info/?l=selinux&m=147249024230263&w=2 I was testing before with a large, generated file_context file. I was wondering what would be a good source for A desktop version of a file_contexts (textual preference as I can run sefcontext_compile on it) file as well as a binary policy file Should I just use refpolicy? Bill ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.