semanage slow (Should I ignore or report this avc denial?)
Daniel J Walsh pise:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/27/2012 10:34 AM, Sergio wrote: > > > >>>> > >>>> The policy configuration supports two options: > >>>> > >>>> 1. silently deny this: setsebool -P > >>> vbetool_mmap_zero_ignore on > >>>> > >>>> or > >>>> > >>>> 2. allow this: setsebool -P mmap_low_allowed on > >>>> > >>>> > >>>> > >>> > >>> A better solution is probably > >>> > >>> yum remove vbetool > >>> > >>> Since most people do not need it. > >> > > > > For the while I went with > > > > # setsebool -P mmap_low_allowed on > > > > And it's taking quite a while to complete the job. The command is using > > almost all of my old Athlon CPU for quite some time already. > > > > Is this normal? > > > > Note: last selinux-policy-targeted update got stuck and I eventually had to > > stop it and then complete it afterwards (with yum-complete-transaction). > > Just saying to give a perspective. Maybe I should stop the setsebool > > process (not doing anything now in case I get an answer)? -- selinux > > mailing list selinux@lists.fedoraproject.org > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > > > > setsebool -P and semanage commands are slow, they are doing a full recompile > of all policy. OK, I understand this. But what's the reason to be semanage boolean -l much slower than getsebool -a No recompiling, just gathering the booleans default state and short summary in addition to the second command. -- --Zdenek Pytela, <pytela@phil.muni.cz> -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
semanage slow (Should I ignore or report this avc denial?)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 10/02/2012 09:21 AM, Zdenek Pytela wrote: > Daniel J Walsh pise: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 09/27/2012 10:34 AM, Sergio wrote: >>> >>>>>> >>>>>> The policy configuration supports two options: >>>>>> >>>>>> 1. silently deny this: setsebool -P >>>>> vbetool_mmap_zero_ignore on >>>>>> >>>>>> or >>>>>> >>>>>> 2. allow this: setsebool -P mmap_low_allowed on >>>>>> >>>>>> >>>>>> >>>>> >>>>> A better solution is probably >>>>> >>>>> yum remove vbetool >>>>> >>>>> Since most people do not need it. >>>> >>> >>> For the while I went with >>> >>> # setsebool -P mmap_low_allowed on >>> >>> And it's taking quite a while to complete the job. The command is >>> using almost all of my old Athlon CPU for quite some time already. >>> >>> Is this normal? >>> >>> Note: last selinux-policy-targeted update got stuck and I eventually >>> had to stop it and then complete it afterwards (with >>> yum-complete-transaction). Just saying to give a perspective. Maybe I >>> should stop the setsebool process (not doing anything now in case I get >>> an answer)? -- selinux mailing list selinux@lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >>> >> >> >> setsebool -P and semanage commands are slow, they are doing a full >> recompile of all policy. > OK, I understand this. But what's the reason to be semanage boolean -l much > slower than getsebool -a No recompiling, just gathering the booleans > default state and short summary in addition to the second command. > Yes this is because semanage is doing a lot of initialization stuff that could probably be avoided if we were a little smarter. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBrL3gACgkQrlYvE4MpobNwwwCbBjKPyd+Ssl omlyJJHj3xggJv toYAnixNTm/kNynaC5fDi7QBGN8P5Qjt =vErS -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
| All times are GMT. The time now is 02:13 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.