SE Linux installer changes needed - was Re: /etc/ and FC4T3

Russell Coker russell at
Sun May 15 17:09:06 UTC 2005

On Monday 16 May 2005 01:06, Russell Coker <russell at> wrote:
> I've attached a little Perl script that will munge a targeted policy.  It
> replaces most type and domain definitions with typealias rules and reduces
> the policy binary size from 4176K to 60K.  That saves 4116K of kernel
> memory and almost 700K on the cramfs.  The saving of 4M of kernel memory
> will make a huge difference to the install on small machines.  Currently
> it's almost impossible to install a FC4 test version on a machine with 64M
> of RAM, this change will give the same result as adding another 4M of RAM
> to machines for the installer (particularly important for machines that run
> out of RAM before completing the partitioning process).

I've attached a new version, my first version had a bug that caused files 
created in the post install scripts of packages and the post install for 
kickstart get the wrong type.  For reference, if the type on a directory is 
an alias it seems that new objects created under the directory get the base 
type in the security.selinux xattr not the alias name.

Anyway with this change the result is correct (verified by running setfiles -v 
on a fresh install - I found evidence of other bugs but no bugs caused by my 
code).  The policy.19 file will now be 444K in size, this saves 3732K of 
kernel memory which is still worth doing.

--   My NSA Security Enhanced Linux packages  Bonnie++ hard drive benchmark    Postal SMTP/POP benchmark  My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/x-perl
Size: 1177 bytes
Desc: not available
URL: <>

More information about the fedora-selinux-list mailing list