From: Philip Tricca <fl...@twobit.us>

The 'semodule' utility can operate on compressed modules so the only cost of this change is a slower module load time when invoking 'semodule -i' on a running system (increased CPU load due to bzip2). That said, my tests show more than 100M reduction in ext3 image size of core-image-selinux. This last metric is a bit skewed as the image includes two policies. Still, a reduction in the size of the refpolicy package by 1/2 is significant.
Signed-off-by: Philip Tricca <fl...@twobit.us> Signed-off-by: Joe MacDonald <j...@deserted.net> --- recipes-security/refpolicy/refpolicy_common.inc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 2ee42e1..b46903f 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -12,7 +12,7 @@ SRC_URI += "file://customizable_types \ S = "${WORKDIR}/refpolicy" FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \ - ${datadir}/selinux/${POLICY_NAME}/*.pp" + ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2" FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/" DEPENDS += "checkpolicy-native policycoreutils-native m4-native" @@ -79,11 +79,12 @@ EOF mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local - bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \ - ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do + bzip2 $i if [ "`basename $i`" != "base.pp" ]; then - bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`; + cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i` + else + cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i` fi done -- 1.7.10.4 _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
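Review bot: In the first hunk, the FILES_${PN} pattern now matches only `*.pp.bz2`, so packaging silently depends on the install loop in the second hunk compressing every module under ${datadir}/selinux/${POLICY_NAME}/; any `.pp` left uncompressed there would be installed but not matched by this pattern. A short comment above FILES_${PN} stating that modules ship bzip2-compressed, and that the glob must stay in step with the install loop, would make that coupling visible. Anything that refers to the old `${datadir}/selinux/${POLICY_NAME}/*.pp` paths needs the new `.pp.bz2` names as well.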
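Review bot: In the second hunk's for loop, `bzip2 $i` is run without `-f` and its exit status is not checked, so if `${i}.bz2` already exists bzip2 refuses to overwrite it, the original `.pp` stays in place, and the following `cp ${i}.bz2 ...` copies the stale archive into modules/active. Suggest `bzip2 -f "$i"` and failing the task when it returns non-zero, and quoting `"$i"` and `"${i}.bz2"` in the `cp` lines. The copies under modules/active keep the `.pp` basename while holding bzip2 data, as the removed `bzip2 -c` lines also did; a one-line comment saying this is intentional would help the next reader.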