Enable policy optimization

The new v3.0 SELInux userspace added support for optimizing the binary policy by pruning redundant rules from it. Enable it on Fedora by default, since it brings noticeable space savings and only negligibly increases policy build time. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2019-11-08 12:47:09 +01:00 · 2019-11-08 12:47:09 +01:00 · 5c57870019
parent 0549d7c12a
commit 5c57870019
2 changed files with 5 additions and 1 deletions
--- a/libsemanage.spec
+++ b/libsemanage.spec
@ -4,7 +4,7 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 3.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20191204/libsemanage-3.0.tar.gz
 # fedora-selinux/selinux: git format-patch -N libsemanage-3.0 -- libsemanage
@ -156,6 +156,9 @@ sed -i '1s%\(#! */usr/bin/python\)\([^3].*\|\)$%\13\2%' %{buildroot}%{_libexecdi
 %{_libexecdir}/selinux/semanage_migrate_store

 %changelog
+* Wed Jan 22 2020 Ondrej Mosnacek <omosnace@redhat.com> - 3.0-2
+- Enable policy optimization
+
 * Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
 - SELinux userspace 3.0 release

--- a/semanage.conf
+++ b/semanage.conf
@ -50,6 +50,7 @@ usepasswd=False
 bzip-small=true
 bzip-blocksize=5
 ignoredirs=/root
+optimize-policy=true

 [sefcontext_compile]
 path = /usr/sbin/sefcontext_compile