blob: d880e1e60fe403c66ca9b6aa29cf42c83ac1155d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From 7af73c1684ce0e30ce0cd58b51708bde1e3a1984 Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Wed, 7 May 2014 11:36:27 -0400
Subject: [PATCH] libsemanage: disable expand-check on policy load
For small policy modules it's not necessary to walk the hierarchy on load.
On embedded devices that are low-powered or resource-constrained disabling
the hierarchy processing can make the difference between seconds and
(many) minutes of load time (or being able to load the policy at all).
Upstream-Status: Denied [upstream developers want to preserve the default
checking: http://marc.info/?l=selinux&m=121794804217721&w=2]
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
src/semanage.conf | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/semanage.conf b/src/semanage.conf
index 98d769b..708fa8c 100644
--- a/src/semanage.conf
+++ b/src/semanage.conf
@@ -40,3 +40,7 @@ module-store = direct
# By default, semanage will generate policies for the SELinux target.
# To build policies for Xen, uncomment the following line.
#target-platform = xen
+
+# Don't check the entire policy hierarchy when inserting / expanding a policy
+# module. This results in a significant speed-up in policy loading.
+expand-check=0
--
2.25.1
|
