[refpolicy] [PATCH 0/4 v2] Create non_auth_file_type attribute and some eliminate set expressions
Christopher J. PeBenito
cpebenito at tresys.com
Fri May 4 08:15:56 CDT 2012
On 04/25/12 10:25, James Carter wrote:
> This patch set reduces the binary policy size on my system from 4.7M to
> 2.1M with sediff showing no changes other than the addition of the new
> attribute. This patch set also makes Refpolicy easier to convert to CIL.
>
> It does this by eliminating some set expressions related to file
> accesses. A new type attribute called non_auth_file_type is created
> along with interfaces to allow access to files with this attribute.
> These alternative interfaces can be used instead of the
> *_except_auth_files interfaces which use a set expression that expands
> into a large number of rules.
>
> In this version of the patch set:
> - White space errors have been corrected (I think)
> - The new interfaces in files.if have been put together and placed
> before the configuration file interfaces.
> - Renamed the files_read_non_auth_dirs to be files_list_non_auth_dirs.
> - Changed the authlogin.if interfaces to use the new interfaces and
> deprecated them.
This set is merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list