[ SEPOL ] Further users cleanup

[ SEPOL ] Further users cleanup

[Ivan Gyurdiev]

[-- Attachment #1: Type: text/plain, Size: 372 bytes --]

- remove select/kill/clear_unused things (will only be used in genusers)
- remove delete (all changes will be additive for now, through semanage)

- move delusers things into genusers.c
- move genusers/genbools prototypes from sepol.h into their respective 
headers

- map: remove sepol_clear_unused_users
- map: remove duplicate sepol_set_delusers (it's in there twice) 

[-- Attachment #2: libsepol.user_cleanup.diff --]
[-- Type: text/x-patch, Size: 10242 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policy_components.c --exclude '*_record.c' --exclude '*_record.h' --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/include/sepol/booleans.h new/libsepol/include/sepol/booleans.h
--- old/libsepol/include/sepol/booleans.h	2005-10-07 16:45:17.000000000 -0400
+++ new/libsepol/include/sepol/booleans.h	2005-10-21 10:58:33.000000000 -0400
@@ -5,6 +5,28 @@
 #include <sepol/policydb.h>
 #include <sepol/boolean_record.h>
 
+/*--------------compatibility--------------*/
+
+/* Given an existing binary policy (starting at 'data', with length 'len')
+   and a boolean configuration file named by 'boolpath', rewrite the binary
+   policy for the boolean settings in the boolean configuration file.
+   The binary policy is rewritten in place in memory.
+   Returns 0 upon success, or -1 otherwise. */
+extern int sepol_genbools(
+	void *data, size_t len, 
+	char *boolpath);
+
+/* Given an existing binary policy (starting at 'data', with length 'len')
+   and boolean settings specified by the parallel arrays ('names', 'values')
+   with 'nel' elements, rewrite the binary policy for the boolean settings.
+   The binary policy is rewritten in place in memory.
+   Returns 0 upon success or -1 otherwise. */
+extern int sepol_genbools_array(
+	void *data, size_t len, 
+	char **names, int *values, 
+	int nel);
+/*---------------end compatbility------------*/
+
 /* Load a boolean into the policy */
 extern int sepol_bool_load (
 	sepol_policydb_t* policydb, 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policy_components.c --exclude '*_record.c' --exclude '*_record.h' --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/include/sepol/sepol.h new/libsepol/include/sepol/sepol.h
--- old/libsepol/include/sepol/sepol.h	2005-10-13 13:06:06.000000000 -0400
+++ new/libsepol/include/sepol/sepol.h	2005-10-21 10:58:26.000000000 -0400
@@ -19,33 +19,6 @@
 #include <sepol/policydb.h>
 #include <sepol/module.h>
 
-/* Given an existing binary policy (starting at 'data', with length 'len')
-   and a boolean configuration file named by 'boolpath', rewrite the binary
-   policy for the boolean settings in the boolean configuration file.
-   The binary policy is rewritten in place in memory.
-   Returns 0 upon success, or -1 otherwise. */
-extern int sepol_genbools(void *data, size_t len, char *boolpath);
-
-/* Given an existing binary policy (starting at 'data', with length 'len')
-   and boolean settings specified by the parallel arrays ('names', 'values')
-   with 'nel' elements, rewrite the binary policy for the boolean settings.  
-   The binary policy is rewritten in place in memory.
-   Returns 0 upon success or -1 otherwise. */
-extern int sepol_genbools_array(void *data, size_t len, char **names, int *values, int nel);
-
-/* Given an existing binary policy (starting at 'data with length 'len')
-   and user configurations living in 'usersdir', generate a new binary
-   policy for the new user configurations.  Sets '*newdata' and '*newlen'
-   to refer to the new binary policy image. */
-extern int sepol_genusers(void *data, size_t len,
-			  const char *usersdir,
-			  void **newdata, size_t *newlen);
-
-/* Enable or disable deletion of users by sepol_genusers(3) when
-   a user in original binary policy image is not defined by the
-   new user configurations.  Defaults to disabled. */
-extern void sepol_set_delusers(int on);
-
 /* Set internal policydb from a file for subsequent service calls. */
 extern int sepol_set_policydb_from_file(FILE *fp);
 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policy_components.c --exclude '*_record.c' --exclude '*_record.h' --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/include/sepol/users.h new/libsepol/include/sepol/users.h
--- old/libsepol/include/sepol/users.h	2005-10-21 09:54:18.000000000 -0400
+++ new/libsepol/include/sepol/users.h	2005-10-21 10:56:26.000000000 -0400
@@ -5,14 +5,23 @@
 #include <sepol/user_record.h>
 #include <stddef.h>
 
-/* Clear unused users */
-extern void sepol_clear_unused_users(
-	sepol_policydb_t* policydb);
+/*---------compatibility------------*/
 
-/* Delete the user */
-extern int sepol_user_del(
-	sepol_policydb_t* policydb, 
-	const char *username);
+/* Given an existing binary policy (starting at 'data with length 'len')
+   and user configurations living in 'usersdir', generate a new binary
+   policy for the new user configurations.  Sets '*newdata' and '*newlen'
+   to refer to the new binary policy image. */
+extern int sepol_genusers(
+	void *data, size_t len,
+	const char *usersdir,
+	void **newdata, size_t *newlen);
+
+/* Enable or disable deletion of users by sepol_genusers(3) when
+   a user in original binary policy image is not defined by the
+   new user configurations.  Defaults to disabled. */
+extern void sepol_set_delusers(int on);
+
+/*--------end compatibility----------*/
 
 /* Add the user if missing, or modify otherwise */
 extern int sepol_user_modify(
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policy_components.c --exclude '*_record.c' --exclude '*_record.h' --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/src/genusers.c new/libsepol/src/genusers.c
--- old/libsepol/src/genusers.c	2005-10-18 10:08:39.000000000 -0400
+++ new/libsepol/src/genusers.c	2005-10-21 10:53:28.000000000 -0400
@@ -12,7 +12,11 @@
 #include "debug.h"
 #include "private.h"
 
-extern int selinux_delusers;
+int selinux_delusers = 0;
+
+void sepol_set_delusers(int on) {
+	selinux_delusers = on;
+}
 
 #undef BADLINE
 #define BADLINE() { \
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policy_components.c --exclude '*_record.c' --exclude '*_record.h' --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/src/libsepol.map new/libsepol/src/libsepol.map
--- old/libsepol/src/libsepol.map	2005-10-21 09:54:25.000000000 -0400
+++ new/libsepol/src/libsepol.map	2005-10-21 10:59:23.000000000 -0400
@@ -1,6 +1,6 @@
 {
   global: 
-	sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; sepol_debug; sepol_set_delusers;
+	sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; sepol_debug; 
 	sepol_policy_file_create; sepol_policy_file_free;
 	sepol_policy_file_set_mem; sepol_policy_file_set_fp;
 	sepol_policy_file_get_len; sepol_policy_file_set_handle;
@@ -19,7 +19,7 @@
 	sepol_module_package_write; 
 	sepol_link_modules; sepol_expand_module;
 	sepol_bool*; sepol_context*;
-	sepol_iface*; sepol_port*; sepol_user*; sepol_clear_unused_users;
+	sepol_iface*; sepol_port*; sepol_user*; 
 	sepol_set_delusers;
 	sepol_msg_*; sepol_handle_*;
   local: *;
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policy_components.c --exclude '*_record.c' --exclude '*_record.h' --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/src/users.c new/libsepol/src/users.c
--- old/libsepol/src/users.c	2005-10-21 09:54:25.000000000 -0400
+++ new/libsepol/src/users.c	2005-10-21 10:54:20.000000000 -0400
@@ -1,5 +1,5 @@
 #include <stdlib.h>
-#include <sys/types.h>
+#include <stddef.h>
 
 #include "private.h"
 #include "debug.h"
@@ -11,113 +11,6 @@
 #include <sepol/users.h>
 #include <sepol/user_record.h>
 
-int selinux_delusers = 0;
-
-void sepol_set_delusers(int on) {
-	selinux_delusers = on;
-}
-
-/* Select users for removal based on whether they were defined in the
-   new users configuration. */
-static int select_user(
-	hashtab_key_t key __attribute__ ((unused)), 
-	hashtab_datum_t datum, 
-	void *datap __attribute__ ((unused))) {
-	user_datum_t *usrdatum = datum;
-
-	if (!usrdatum->defined)
-		return 1;
-	return 0;
-}
-
-/* Kill the user entries selected by select_user, and
-   record that their slots are free. */
-static void kill_user(
-	hashtab_key_t key, 
-	hashtab_datum_t datum, 
-	void *arg)
-{
-	user_datum_t *usrdatum = (user_datum_t*) datum;
-	policydb_t* policydb = (policydb_t*) arg;
-
-	/* Locations of user we're deleting, and last user */
-	int old_pos = usrdatum->value - 1;
-	int last_pos = policydb->p_users.nprim - 1;
-
-	/* Fill hole with last user/data pair */
-	if (old_pos != last_pos) {
-
-		char* last_name = policydb->p_user_val_to_name[last_pos];
-		user_datum_t* last_data = 
-			policydb->user_val_to_struct[last_pos];
-
-		/* Decrement prim */
-		last_data->value--;
-	
-		/* Update sid in reverse mapings */
-		policydb->p_user_val_to_name[old_pos] = last_name;
-		policydb->user_val_to_struct[old_pos] = last_data;
-	}
-
-	/* Decrement prim */
-	policydb->p_users.nprim--;
-	
-	/* Free key and data */
-	if (key)
-		free(key);
-	role_set_destroy(&usrdatum->roles);
-	free(datum);
-}
-
-void sepol_clear_unused_users(sepol_policydb_t* policydb) {
-	if (selinux_delusers) {
-		hashtab_map_remove_on_error(
-			policydb->p.p_users.table,
-			&select_user, 
-			&kill_user, 
-			&policydb->p);
-        }
-}
-
-/* Delete a user from the given policydb. This function will
- * fail if the user does not exist. */
-
-int sepol_user_del(sepol_policydb_t* p, const char* username) {
-	user_datum_t* usrdatum;
-	char* name = NULL;
-	policydb_t *policydb = &p->p;
-
-	name = strdup(username);
-	if (!name) 
-		goto omem;
-	
-	/* See if such a user exists */
-	usrdatum = hashtab_search(policydb->p_users.table, name);
-
-	/* If not, fail */
-	if (usrdatum == NULL) {
-		DEBUG(__FUNCTION__, "%s does not exist in policy\n", name);
-		goto err;
-	}
-	else {
-		if ( hashtab_remove(
-			policydb->p_users.table, name, 
-			&kill_user, policydb) < 0)
-			goto err;
-	}
-
-	free(name);
-	return STATUS_SUCCESS;
-
-	omem:
-	DEBUG(__FUNCTION__, "out of memory\n");
-
-	err:
-	DEBUG(__FUNCTION__, "could not remove %s from policy\n", name);
-	free(name);
-	return STATUS_ERR;
-}
-
 /* Load a user into policydb. The user may exist already, in
  * which case the supplied data replaces the existing data. Alternatively,
  * the user could be new. */

Re: [ SEPOL ] Further users cleanup

[Stephen Smalley]

On Fri, 2005-10-21 at 11:05 -0400, Ivan Gyurdiev wrote:
> - remove select/kill/clear_unused things (will only be used in genusers)
> - remove delete (all changes will be additive for now, through semanage)
> 
> - move delusers things into genusers.c
> - move genusers/genbools prototypes from sepol.h into their respective 
> headers
> 
> - map: remove sepol_clear_unused_users
> - map: remove duplicate sepol_set_delusers (it's in there twice)

Ok.  Note that we'll likely want to remove all wildcards from the map
files (for both libsepol and libsemanage) and explicitly list all
interfaces we want exported to avoid surprises, or at least check that
we aren't exporting anything accidentally.  
nm src/libsepol.so.1 | grep ' T ' shows some interfaces that shouldn't
really be public at present.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEPOL ] Further users cleanup

[Ivan Gyurdiev]

> Ok.  Note that we'll likely want to remove all wildcards from the map
> files (for both libsepol and libsemanage) and explicitly list all
> interfaces we want exported to avoid surprises, or at least check that
> we aren't exporting anything accidentally.  
> nm src/libsepol.so.1 | grep ' T ' shows some interfaces that shouldn't
> really be public at present.
>   
Which ones? I tend to not prefix local things with sepol...


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEPOL ] Further users cleanup

[Stephen Smalley]

On Fri, 2005-10-21 at 12:38 -0400, Ivan Gyurdiev wrote:
> > Ok.  Note that we'll likely want to remove all wildcards from the map
> > files (for both libsepol and libsemanage) and explicitly list all
> > interfaces we want exported to avoid surprises, or at least check that
> > we aren't exporting anything accidentally.  
> > nm src/libsepol.so.1 | grep ' T ' shows some interfaces that shouldn't
> > really be public at present.
> >   
> Which ones? I tend to not prefix local things with sepol...

The services.c functions also had sepol_ prefixes added when audit2why
was created (it uses the static libsepol, but also uses libselinux, and
libselinux has similar functions that interact with the kernel policy
rather than a policy file/image).  Hence, we get symbols like
sepol_context_to_sid and sepol_port_sid exported by the wildcards.
Also, one exported symbol that was pre-existing was
sepol_genbools_policydb, which was likewise created for audit2why and
accidentally exported by the wildcard there, but as there should be no
other users and it was never put into the "public" header, it likely
does no harm to correct it now to only export genbools and
genbools_array.

Also need to fix this:
$ relinfo.pl src/libsepol.so.1
src/libsepol.so.1: 68 relocations, 61 relative (89%), 94 PLT entries, 60 for local syms (63%), 0 users

There shouldn't be any for local syms; need to bring over dso.h and
hidden_def/hidden_proto stuff from libselinux.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEPOL ] Further users cleanup

[Stephen Smalley]

[-- Attachment #1: Type: text/plain, Size: 577 bytes --]

On Fri, 2005-10-21 at 13:38 -0400, Stephen Smalley wrote:
> Also need to fix this:
> $ relinfo.pl src/libsepol.so.1
> src/libsepol.so.1: 68 relocations, 61 relative (89%), 94 PLT entries, 60 for local syms (63%), 0 users
> 
> There shouldn't be any for local syms; need to bring over dso.h and
> hidden_def/hidden_proto stuff from libselinux.

Attached patch does this for the sepol_bool functions used internally by
libsepol.  Same kind of change needs to be made for all sepol functions
that one sees in readelf -r libsepol.so.1

-- 
Stephen Smalley
National Security Agency

[-- Attachment #2: libsepol-hidebool.patch --]
[-- Type: text/x-patch, Size: 4317 bytes --]

diff -X /home/sds/dontdiff -Nrup libsepol.old/src/boolean_internal.h libsepol/src/boolean_internal.h
--- libsepol.old/src/boolean_internal.h	1969-12-31 19:00:00.000000000 -0500
+++ libsepol/src/boolean_internal.h	2005-10-25 10:40:03.000000000 -0400
@@ -0,0 +1,11 @@
+#include <sepol/boolean_record.h>
+#include "dso.h"
+
+hidden_proto(sepol_bool_key_create)
+hidden_proto(sepol_bool_key_unpack)
+hidden_proto(sepol_bool_get_name)
+hidden_proto(sepol_bool_set_name)
+hidden_proto(sepol_bool_get_value)
+hidden_proto(sepol_bool_set_value)
+hidden_proto(sepol_bool_create)
+hidden_proto(sepol_bool_free)
diff -X /home/sds/dontdiff -Nrup libsepol.old/src/boolean_record.c libsepol/src/boolean_record.c
--- libsepol.old/src/boolean_record.c	2005-10-25 10:44:19.000000000 -0400
+++ libsepol/src/boolean_record.c	2005-10-25 10:44:29.000000000 -0400
@@ -2,7 +2,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <sepol/boolean_record.h>
+#include "boolean_internal.h"
 #include "debug.h"
 
 struct sepol_bool {
@@ -36,6 +36,7 @@ int sepol_bool_key_create(
 	*key_ptr = tmp_key;
 	return STATUS_SUCCESS;
 }
+hidden_def(sepol_bool_key_create)
 
 void sepol_bool_key_unpack(
 	sepol_bool_key_t* key,
@@ -43,6 +44,7 @@ void sepol_bool_key_unpack(
 
 	*name = key->name;
 }
+hidden_def(sepol_bool_key_unpack)
 
 int sepol_bool_key_extract(sepol_bool_t* boolean, sepol_bool_key_t** key_ptr) {
 	if (sepol_bool_key_create(boolean->name, key_ptr) < 0) {
@@ -71,6 +73,7 @@ int sepol_bool_compare(
 const char* sepol_bool_get_name(sepol_bool_t* boolean) {
 	return boolean->name;
 }
+hidden_def(sepol_bool_get_name)
 
 int sepol_bool_set_name(sepol_bool_t* boolean, const char* name) {
 	boolean->name = strdup(name);
@@ -81,15 +84,18 @@ int sepol_bool_set_name(sepol_bool_t* bo
 	}
 	return STATUS_SUCCESS;
 }
+hidden_def(sepol_bool_set_name)
 
 /* Value */
 int sepol_bool_get_value(sepol_bool_t* boolean) {
 	return boolean->value;
 }
+hidden_def(sepol_bool_get_value)
 
 void sepol_bool_set_value(sepol_bool_t* boolean, int value) {
 	boolean->value = value;
 }
+hidden_def(sepol_bool_set_value)
 
 /* Create */
 int sepol_bool_create(sepol_bool_t** bool_ptr) {
@@ -107,6 +113,7 @@ int sepol_bool_create(sepol_bool_t** boo
 	*bool_ptr = boolean;
 	return STATUS_SUCCESS;
 }
+hidden_def(sepol_bool_create)
 
 /* Deep copy clone */
 int sepol_bool_clone(sepol_bool_t* boolean, sepol_bool_t** bool_ptr) {
@@ -137,3 +144,4 @@ void sepol_bool_free(sepol_bool_t* boole
 	free(boolean->name);
 	free(boolean);
 }
+hidden_def(sepol_bool_free)
diff -X /home/sds/dontdiff -Nrup libsepol.old/src/booleans.c libsepol/src/booleans.c
--- libsepol.old/src/booleans.c	2005-10-25 10:44:19.000000000 -0400
+++ libsepol/src/booleans.c	2005-10-25 10:44:29.000000000 -0400
@@ -10,7 +10,7 @@
 #include <sepol/policydb/hashtab.h>
 #include <sepol/policydb/policydb.h>
 #include <sepol/policydb/conditional.h>
-#include <sepol/boolean_record.h>
+#include "boolean_internal.h"
 
 static int bool_update (
 	policydb_t* policydb,
diff -X /home/sds/dontdiff -Nrup libsepol.old/src/dso.h libsepol/src/dso.h
--- libsepol.old/src/dso.h	1969-12-31 19:00:00.000000000 -0500
+++ libsepol/src/dso.h	2005-10-25 10:24:46.000000000 -0400
@@ -0,0 +1,23 @@
+#ifndef _SEPOL_DSO_H
+#define _SEPOL_DSO_H	1
+
+#ifdef SHARED
+# define hidden __attribute__ ((visibility ("hidden")))
+# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
+# define __hidden_proto(fct, internal)	\
+     extern __typeof (fct) internal;	\
+     extern __typeof (fct) fct __asm (#internal) hidden;
+# if defined(__alpha__) || defined(__mips__)
+#  define hidden_def(fct) \
+     asm (".globl " #fct "\n" #fct " = " #fct "_internal");
+# else
+#  define hidden_def(fct) \
+     asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
+#endif
+#else
+# define hidden
+# define hidden_proto(fct)
+# define hidden_def(fct)
+#endif
+
+#endif
diff -X /home/sds/dontdiff -Nrup libsepol.old/src/Makefile libsepol/src/Makefile
--- libsepol.old/src/Makefile	2005-10-25 10:44:19.000000000 -0400
+++ libsepol/src/Makefile	2005-10-25 10:44:29.000000000 -0400
@@ -27,7 +27,7 @@ $(LIBSO): $(LOBJS)
 	$(CC) $(CFLAGS) -c -o $@ $<
 
 %.lo:  %.c
-	$(CC) $(CFLAGS) -fPIC -c -o $@ $<
+	$(CC) $(CFLAGS) -fpic -DSHARED -c -o $@ $<
 
 install: all
 	test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)

Re: [ SEPOL ] Further users cleanup

[Ivan Gyurdiev]

Stephen Smalley wrote:
> On Fri, 2005-10-21 at 13:38 -0400, Stephen Smalley wrote:
>   
>> Also need to fix this:
>> $ relinfo.pl src/libsepol.so.1
>> src/libsepol.so.1: 68 relocations, 61 relative (89%), 94 PLT entries, 60 for local syms (63%), 0 users
>>
>> There shouldn't be any for local syms; need to bring over dso.h and
>> hidden_def/hidden_proto stuff from libselinux.
>>     
>
> Attached patch does this for the sepol_bool functions used internally by
> libsepol. 
I'm confused, the bool_record is supposed to be exported out of sepol... 
it's shared with semanage. That could change, based on the current 
discussion of sharing records... but I wasn't sure if that's what you 
intended.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEPOL ] Further users cleanup

[Stephen Smalley]

On Tue, 2005-10-25 at 12:01 -0400, Ivan Gyurdiev wrote:
> Stephen Smalley wrote:
> > On Fri, 2005-10-21 at 13:38 -0400, Stephen Smalley wrote:
> >   
> >> Also need to fix this:
> >> $ relinfo.pl src/libsepol.so.1
> >> src/libsepol.so.1: 68 relocations, 61 relative (89%), 94 PLT entries, 60 for local syms (63%), 0 users
> >>
> >> There shouldn't be any for local syms; need to bring over dso.h and
> >> hidden_def/hidden_proto stuff from libselinux.
> >>     
> >
> > Attached patch does this for the sepol_bool functions used internally by
> > libsepol. 
> I'm confused, the bool_record is supposed to be exported out of sepol... 
> it's shared with semanage. That could change, based on the current 
> discussion of sharing records... but I wasn't sure if that's what you 
> intended.

hidden_def/hidden_proto isn't about hiding the symbol from users of the
shared library (that would be done by marking it "hidden", or in the
libsepol case, by omitting it from the map file).
hidden_def/hidden_proto creates an internal reference to the symbol for
use within the library so that intra-library use doesn't require a
relocation.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEPOL ] Further users cleanup

[Ivan Gyurdiev]

>> I'm confused, the bool_record is supposed to be exported out of sepol... 
>> it's shared with semanage. That could change, based on the current 
>> discussion of sharing records... but I wasn't sure if that's what you 
>> intended.
>>     
>
> hidden_def/hidden_proto isn't about hiding the symbol from users of the
> shared library (that would be done by marking it "hidden", or in the
> libsepol case, by omitting it from the map file).
> hidden_def/hidden_proto creates an internal reference to the symbol for
> use within the library so that intra-library use doesn't require a
> relocation.
>   
You only need this for booleans?



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEPOL ] Further users cleanup

[Stephen Smalley]

On Tue, 2005-10-25 at 13:26 -0400, Ivan Gyurdiev wrote:
> >> I'm confused, the bool_record is supposed to be exported out of sepol... 
> >> it's shared with semanage. That could change, based on the current 
> >> discussion of sharing records... but I wasn't sure if that's what you 
> >> intended.
> >>     
> >
> > hidden_def/hidden_proto isn't about hiding the symbol from users of the
> > shared library (that would be done by marking it "hidden", or in the
> > libsepol case, by omitting it from the map file).
> > hidden_def/hidden_proto creates an internal reference to the symbol for
> > use within the library so that intra-library use doesn't require a
> > relocation.
> >   
> You only need this for booleans?

No, I need it for all functions used within the library that are also
exported to users of the shared library.  The patch was just to get you
started.  Not a high priority, mind you, just something we want to do as
a cleanup.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.