From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Eamon Walsh <ewalsh@tycho.nsa.gov>,
SELinux List <selinux@tycho.nsa.gov>,
Stephen Lawrence <slawrence@tresys.com>,
Daniel J Walsh <dwalsh@redhat.com>
Subject: Re: libselinux version bump past 99
Date: Tue, 15 Mar 2011 08:10:52 -0400 [thread overview]
Message-ID: <1300191052.17384.3.camel@moss-pluto> (raw)
In-Reply-To: <4D7EA42A.2030802@windriver.com>
On Mon, 2011-03-14 at 19:26 -0400, Paul Gortmaker wrote:
> On 11-03-08 05:26 PM, Eamon Walsh wrote:
> > Libselinux has reached version 2.0.99 and I need to push a bug fix, just checking to make sure 2.0.100 is fine and won't cause any problems e.g. with upgrades.
> >
> >
>
> On a related note, is there a reason why the shared objects don't
> track a similar versioning number? We came across a situation
> where an internal update added a new dir for libs. But note the
> shared objects are hard coded to version 1, and the old selinux
> libs just happened to be found 1st. Which leads to a cryptic
> internal selinux error message like this:
>
> "libsepol.policydb_read: policydb module version 10 does not
> match my version range 4-8"
>
> Granted, this may not be a common problem, but the solution that
> came to me was to simply let the normal ld.so dynamic library
> versioning do its job in determining which bins need which libs;
> something that it is remarkably good at. :)
As I understand it, the .so version should only be changed upon an
incompatible ABI change, not upon implementation changes or compatible
ABI changes. And per-symbol versioning seems to be preferred these
days, as per:
http://www.akkadia.org/drepper/dsohowto.pdf
See libsemanage.map for an example.
But the question of what policy version is supported by a given release
of libsepol has nothing to do with its ABI.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2011-03-15 12:10 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-08 22:26 libselinux version bump past 99 Eamon Walsh
2011-03-09 13:06 ` Stephen Smalley
2011-03-09 15:48 ` Daniel J Walsh
2011-03-09 16:02 ` Steve Lawrence
2011-03-09 15:32 ` Daniel J Walsh
2011-03-14 23:26 ` Paul Gortmaker
2011-03-15 11:24 ` Russell Coker
2011-03-15 12:13 ` Stephen Smalley
2011-03-15 12:10 ` Stephen Smalley [this message]
2011-03-16 16:04 ` Paul Gortmaker
2011-03-16 16:07 ` Stephen Smalley
2011-03-16 17:59 ` Paul Gortmaker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1300191052.17384.3.camel@moss-pluto \
--to=sds@tycho.nsa.gov \
--cc=dwalsh@redhat.com \
--cc=ewalsh@tycho.nsa.gov \
--cc=paul.gortmaker@windriver.com \
--cc=selinux@tycho.nsa.gov \
--cc=slawrence@tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.