meta-selinux/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
Yi Zhao 979b3caf98 selinux: upgrade 3.8.1 -> 3.9
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.9

* Support static-only builds with DISABLE_SHARED=y
* Add restore option to modify user and role portions
* setfiles: Add -U option to modify user and role portions
* semanage.conf: Add relabel_store config option
* semodule: Add [-g PATH |--config=PATH] for an alternate path for the
  semanage config
* libselinux: Fix local literal fcontext definitions priority
* libselinux: Fix order for path substitutions
* libsepol: Add new 'netif_wildcard' policy capability
* checkpolicy: Add support for wildcard netifcon names
* libsepol: Allow multiple policycap statements
* libsepol: Support genfs_seclabel_wildcard
* Replace all links to selinuxproject.org
* Bug fixes

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2025-08-07 21:06:27 +08:00

From deeb4536309e53478650a2b4d1c01f01422fa75f Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Wed, 7 May 2014 11:36:27 -0400
Subject: [PATCH] libsemanage: disable expand-check on policy load

For small policy modules it's not necessary to walk the hierarchy on load.
On embedded devices that are low-powered or resource-constrained disabling
the hierarchy processing can make the difference between seconds and
(many) minutes of load time (or being able to load the policy at all).

Upstream-Status: Denied [upstream developers want to preserve the default
checking: http://marc.info/?l=selinux&m=121794804217721&w=2]

Signed-off-by: Joe MacDonald <joe@deserted.net>
---
libsemanage/src/semanage.conf | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libsemanage/src/semanage.conf b/libsemanage/src/semanage.conf
index 98d769b5..708fa8cb 100644
--- a/libsemanage/src/semanage.conf
+++ b/libsemanage/src/semanage.conf
@@ -40,3 +40,7 @@ module-store = direct
# By default, semanage will generate policies for the SELinux target.
# To build policies for Xen, uncomment the following line.
#target-platform = xen
+
+# Don't check the entire policy hierarchy when inserting / expanding a policy
+# module. This results in a significant speed-up in policy loading.
+expand-check=0
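Review bot: The comment added above `expand-check=0` records only the speed-up, not what is given up or who should keep the setting. The commit message justifies it for small policy modules on low-powered or resource-constrained devices, yet the line changes the default semanage.conf for every build that picks up this file, and the Upstream-Status line notes that upstream declined the change in order to preserve the default checking. I would extend the comment to state that hierarchy checking on module insert / expand is turned off here and that `expand-check=1` restores it, so integrators with larger policies or more capable hardware can opt back in knowingly. Style point: the new line omits the spaces around `=` that the other settings visible in this hunk use (`module-store = direct`, `#target-platform = xen`); `expand-check = 0` would match.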
--
2.34.1