SELinuxProject / selinux

This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to selinux@vger.kernel.org

whether selinux policy config file file_contexts.bin is necessary? #376

Closed hurricane618 closed 1 year ago

hurricane618 commented 1 year ago

I want to delete the file_contexts.bin due to insufficient storage space. However, I searched the map and found that there was a use of the file. Does deleting this file affect selinux?

# cat /proc/*/smaps | grep context
ffffb7bff000-ffffb7c00000 r--p 00000000 00:02 3610                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.local.bin
ffffb7c00000-ffffb7c01000 r--p 00000000 00:02 3607                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.homedirs.bin
ffffb7c01000-ffffb7c08000 r--p 00000000 00:02 3609                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.bin
ffffb7c09000-ffffb7c0a000 r--p 00000000 00:02 3610                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.local.bin
ffffb7c0a000-ffffb7c11000 r--p 00000000 00:02 3609                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.bin
ffffb7c39000-ffffb7c3a000 r--p 00000000 00:02 3607                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.homedirs.bin
ffff99cd1000-ffff99cd8000 r--p 00000000 00:02 3609                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.bin
ffff99d2d000-ffff99d2e000 r--p 00000000 00:02 3610                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.local.bin
ffff99d2e000-ffff99d2f000 r--p 00000000 00:02 3607                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.homedirs.bin
ffffb775b000-ffffb7762000 r--p 00000000 00:02 3609                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.bin
ffffb7794000-ffffb7795000 r--p 00000000 00:02 3610                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.local.bin
ffffb7795000-ffffb7796000 r--p 00000000 00:02 3607                       /etc/selinux/mls_base_policy/contexts/files/file_contexts.homedirs.bin

bachradsusi commented 1 year ago

These files contain precompiled PCRE expressions taken from file_context.* files. It's possible to remove them, but there could be a performance impact on labeling operations. And they would be re-created after semodule -B or a similar operation like semanage fcontext -a ...
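An added example, not part of the thread or of the SELinux project's code: a shell check to run before deleting the caches discussed above. It reports how many bytes each `file_contexts*.bin` occupies and which processes' maps still reference them. The function names `audit_fc_bins` and `mapped_fc_bins` are hypothetical, and the script assumes each cache is named `<text file>.bin` beside its text source, as in the listing above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: every precompiled cache is
# "<text file>.bin" next to its text source, e.g. file_contexts.local.bin.

# audit_fc_bins DIR
# One line per cache: "<status> <bytes> <path>", then "total_removable_bytes <n>".
#   removable  the text source is present, so only the precompiled copy is lost
#   keep       no text source beside the cache; leave it alone
audit_fc_bins() {
    dir=$1
    total=0
    for bin in "$dir"/file_contexts*.bin; do
        [ -f "$bin" ] || continue            # the glob matched nothing
        src=${bin%.bin}                      # text file the cache was built from
        size=$(wc -c < "$bin" | tr -d ' ')
        if [ -f "$src" ]; then
            echo "removable $size $bin"
            total=$((total + size))
        else
            echo "keep $size $bin"
        fi
    done
    echo "total_removable_bytes $total"
}

# mapped_fc_bins
# Reads maps/smaps text on stdin (same layout as the listing above) and prints
# "<mappings> <path>" for every file_contexts*.bin that is currently mapped.
mapped_fc_bins() {
    awk '$NF ~ "/file_contexts[^/]*[.]bin$" { n[$NF]++ }
         END { for (p in n) print n[p], p }' | sort -k2
}

# Stand-alone use: pass the contexts/files directory of the policy store.
if [ -d "${1:-}" ]; then
    audit_fc_bins "$1"
    cat /proc/[0-9]*/maps 2>/dev/null | mapped_fc_bins
fi
```

On Linux, the blocks of a deleted file are released only once every process that has it mapped has unmapped it or exited, so caches listed by `mapped_fc_bins` do not free space immediately.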

hurricane618 commented 1 year ago

Thank you very much. Your reply solved my doubts.