From: James Antill <jantill@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: [RFC][PATCH] libselinux: Namespacing
Date: Fri, 11 May 2007 10:39:34 -0400 [thread overview]
Message-ID: <1178894374.12294.164.camel@code.and.org> (raw)
In-Reply-To: <1178887672.3504.159.camel@moss-spartans.epoch.ncsc.mil>
[-- Attachment #1: Type: text/plain, Size: 1471 bytes --]
On Fri, 2007-05-11 at 08:47 -0400, Stephen Smalley wrote:
> On Fri, 2007-05-11 at 08:42 -0400, Stephen Smalley wrote:
> > /* Free the memory allocated for a context by any of the below get* calls. */
> > - extern void freecon(security_context_t con);
> > + extern void selinux_freecon(security_context_t con);
> > +#if SELINUX_COMPAT_API
> > +#define freecon(c) selinux_freecon(c)
> > +#else
> > +#error "freecon replaced by selinux_freecon; please update callers."
> > +#endif
>
> Oops, that won't work. Any way to embed an #error within a #define, so
> that we can trigger the #error only upon encountering a freecon(x)?
Right, I was confused what you wanted for a minute there :). As for a
message when freecon() is used, there's:
#define freecon(x) char freecon_is_replaced_by_selinux_freecon[-1]
..or:
#define freecon(x) selinux_namespace()
/* in some C file somewhere */
void selinux_namespace(void)
{
abort();
}
link_warning (selinux_namespace, "if SELINUX_COMPAT_API isn't defined
the function you are looking for should be prefixed with \"selinux_\".
Please update the callers.")
...where link_warning() is from glibc as:
# define link_warning(symbol, msg) \
__make_section_unallocated (".gnu.warning." #symbol) \
static const char __evoke_link_warning_##symbol[] \
__attribute__ ((used, section (".gnu.warning." #symbol __sec_comment))) \
= msg;
--
James Antill <jantill@redhat.com>
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
prev parent reply other threads:[~2007-05-11 14:39 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-10 20:12 [RFC][PATCH] libselinux: Namespacing Stephen Smalley
2007-05-10 20:31 ` Karl MacMillan
2007-05-11 12:37 ` Stephen Smalley
2007-05-11 18:37 ` Karl MacMillan
2007-05-29 19:17 ` Eamon Walsh
2007-05-30 14:45 ` Stephen Smalley
2007-05-31 16:27 ` Karl MacMillan
2007-05-10 22:12 ` James Antill
2007-05-11 12:42 ` Stephen Smalley
2007-05-11 12:47 ` Stephen Smalley
2007-05-11 14:39 ` James Antill [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1178894374.12294.164.camel@code.and.org \
--to=jantill@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.