From: Ondrej Mosnacek <omosnace@redhat.com>
To: selinux@vger.kernel.org
Subject: [RFC PATCH userspace 0/5] Allow rebuilding policy store only if there were external changes to modules
Date: Thu, 13 Jan 2022 15:39:30 +0100 [thread overview]
Message-ID: <20220113143935.195125-1-omosnace@redhat.com> (raw)
This series extends libsemanage and semodule with optional capability to
detect external changes to modules and perform a rebuild if there are
any. See patch 4 for motivation and more details.
The first three patches are preparatory cleanup/refactoring, patch 4
implements the libsemanage side of the feature described above, and
patch 5 adds a command-line option to semodule that allows to turn on
the feature.
Default behavior of libsemanage and semodule is not changed (apart from
added checksum calculation on each transaction, which however seems to
add no noticeable overhead based on benchmarks - see patch 4 for
details).
I'm posting this as an RFC mainly because I'm unsure about naming of the
new function(s) and the command-line parameter. Suggestions on better
names are welcome, as are any reviews/comments.
Ondrej Mosnacek (5):
libsemanage: add missing include to boolean_record.c
semodule,libsemanage: move module hashing into libsemanage
libsemanage: move compressed file handling into a separate object
libsemanage: optionally rebuild policy when modules are changed
externally
semodule: add command-line option to detect module changes
libsemanage/include/semanage/handle.h | 5 +
libsemanage/include/semanage/modules.h | 25 +
libsemanage/src/boolean_record.c | 4 +-
libsemanage/src/compressed_file.c | 224 +++++++
libsemanage/src/compressed_file.h | 78 +++
libsemanage/src/direct_api.c | 564 ++++++++----------
libsemanage/src/direct_api.h | 4 -
libsemanage/src/handle.c | 11 +-
libsemanage/src/handle.h | 1 +
libsemanage/src/libsemanage.map | 5 +
libsemanage/src/modules.c | 36 ++
libsemanage/src/semanage_store.c | 53 +-
libsemanage/src/semanage_store.h | 1 +
.../src/semanageswig_python_exception.i | 8 +
.../semodule => libsemanage/src}/sha256.c | 0
.../semodule => libsemanage/src}/sha256.h | 0
policycoreutils/semodule/Makefile | 2 +-
policycoreutils/semodule/semodule.c | 74 +--
18 files changed, 704 insertions(+), 391 deletions(-)
create mode 100644 libsemanage/src/compressed_file.c
create mode 100644 libsemanage/src/compressed_file.h
rename {policycoreutils/semodule => libsemanage/src}/sha256.c (100%)
rename {policycoreutils/semodule => libsemanage/src}/sha256.h (100%)
--
2.34.1
next reply other threads:[~2022-01-13 14:39 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-13 14:39 Ondrej Mosnacek [this message]
2022-01-13 14:39 ` [RFC PATCH userspace 1/5] libsemanage: add missing include to boolean_record.c Ondrej Mosnacek
2022-01-13 14:39 ` [RFC PATCH userspace 2/5] semodule,libsemanage: move module hashing into libsemanage Ondrej Mosnacek
2022-01-20 21:52 ` James Carter
2022-01-21 13:21 ` Ondrej Mosnacek
2022-01-25 15:17 ` Petr Lautrbach
2022-01-13 14:39 ` [RFC PATCH userspace 3/5] libsemanage: move compressed file handling into a separate object Ondrej Mosnacek
2022-01-20 21:58 ` James Carter
2022-01-13 14:39 ` [RFC PATCH userspace 4/5] libsemanage: optionally rebuild policy when modules are changed externally Ondrej Mosnacek
2022-01-20 22:08 ` James Carter
2022-01-21 13:30 ` Ondrej Mosnacek
2022-01-13 14:39 ` [RFC PATCH userspace 5/5] semodule: add command-line option to detect module changes Ondrej Mosnacek
2022-01-15 17:38 ` Christian Göttsche
2022-01-20 22:10 ` James Carter
2022-01-20 22:12 ` James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220113143935.195125-1-omosnace@redhat.com \
--to=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.