All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ondrej Mosnacek <omosnace@redhat.com>
To: selinux@vger.kernel.org
Subject: [RFC PATCH userspace 0/5] Allow rebuilding policy store only if there were external changes to modules
Date: Thu, 13 Jan 2022 15:39:30 +0100	[thread overview]
Message-ID: <20220113143935.195125-1-omosnace@redhat.com> (raw)

This series extends libsemanage and semodule with optional capability to
detect external changes to modules and perform a rebuild if there are
any. See patch 4 for motivation and more details.

The first three patches are preparatory cleanup/refactoring, patch 4
implements the libsemanage side of the feature described above, and
patch 5 adds a command-line option to semodule that allows to turn on
the feature.

Default behavior of libsemanage and semodule is not changed (apart from
added checksum calculation on each transaction, which however seems to
add no noticeable overhead based on benchmarks - see patch 4 for
details).

I'm posting this as an RFC mainly because I'm unsure about naming of the
new function(s) and the command-line parameter. Suggestions on better
names are welcome, as are any reviews/comments.

Ondrej Mosnacek (5):
  libsemanage: add missing include to boolean_record.c
  semodule,libsemanage: move module hashing into libsemanage
  libsemanage: move compressed file handling into a separate object
  libsemanage: optionally rebuild policy when modules are changed
    externally
  semodule: add command-line option to detect module changes

 libsemanage/include/semanage/handle.h         |   5 +
 libsemanage/include/semanage/modules.h        |  25 +
 libsemanage/src/boolean_record.c              |   4 +-
 libsemanage/src/compressed_file.c             | 224 +++++++
 libsemanage/src/compressed_file.h             |  78 +++
 libsemanage/src/direct_api.c                  | 564 ++++++++----------
 libsemanage/src/direct_api.h                  |   4 -
 libsemanage/src/handle.c                      |  11 +-
 libsemanage/src/handle.h                      |   1 +
 libsemanage/src/libsemanage.map               |   5 +
 libsemanage/src/modules.c                     |  36 ++
 libsemanage/src/semanage_store.c              |  53 +-
 libsemanage/src/semanage_store.h              |   1 +
 .../src/semanageswig_python_exception.i       |   8 +
 .../semodule => libsemanage/src}/sha256.c     |   0
 .../semodule => libsemanage/src}/sha256.h     |   0
 policycoreutils/semodule/Makefile             |   2 +-
 policycoreutils/semodule/semodule.c           |  74 +--
 18 files changed, 704 insertions(+), 391 deletions(-)
 create mode 100644 libsemanage/src/compressed_file.c
 create mode 100644 libsemanage/src/compressed_file.h
 rename {policycoreutils/semodule => libsemanage/src}/sha256.c (100%)
 rename {policycoreutils/semodule => libsemanage/src}/sha256.h (100%)

-- 
2.34.1


             reply	other threads:[~2022-01-13 14:39 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-13 14:39 Ondrej Mosnacek [this message]
2022-01-13 14:39 ` [RFC PATCH userspace 1/5] libsemanage: add missing include to boolean_record.c Ondrej Mosnacek
2022-01-13 14:39 ` [RFC PATCH userspace 2/5] semodule,libsemanage: move module hashing into libsemanage Ondrej Mosnacek
2022-01-20 21:52   ` James Carter
2022-01-21 13:21     ` Ondrej Mosnacek
2022-01-25 15:17       ` Petr Lautrbach
2022-01-13 14:39 ` [RFC PATCH userspace 3/5] libsemanage: move compressed file handling into a separate object Ondrej Mosnacek
2022-01-20 21:58   ` James Carter
2022-01-13 14:39 ` [RFC PATCH userspace 4/5] libsemanage: optionally rebuild policy when modules are changed externally Ondrej Mosnacek
2022-01-20 22:08   ` James Carter
2022-01-21 13:30     ` Ondrej Mosnacek
2022-01-13 14:39 ` [RFC PATCH userspace 5/5] semodule: add command-line option to detect module changes Ondrej Mosnacek
2022-01-15 17:38   ` Christian Göttsche
2022-01-20 22:10     ` James Carter
2022-01-20 22:12   ` James Carter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220113143935.195125-1-omosnace@redhat.com \
    --to=omosnace@redhat.com \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.