* Trouble with /lib/libselinux and linking
@ 2006-05-31 9:30 Mario Fanelli
2006-05-31 10:23 ` Valdis.Kletnieks
0 siblings, 1 reply; 3+ messages in thread
From: Mario Fanelli @ 2006-05-31 9:30 UTC (permalink / raw)
To: SeLinux Mailing List
I have written a simple program that uses SELinux API but when I try to
compile it, gcc gives me an error says that it's unable to resolve reference
to getcon() function.
The program is like:
#include <selinux/selinux.h>
#include <stdio.h>
int main(int argc,char *argv[]){
security_context_t scontext;
if(getcon(&scontext))....
}
The only way is to link statically the library and thus if I use "gcc
-lselinux program.c" all works...
Moreover if I use nm on libselinux.so, I don't receive any output..Isn't it
unusual?
Anyone can give me a explanation?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: Trouble with /lib/libselinux and linking 2006-05-31 9:30 Trouble with /lib/libselinux and linking Mario Fanelli @ 2006-05-31 10:23 ` Valdis.Kletnieks 2006-05-31 13:01 ` Stephen Smalley 0 siblings, 1 reply; 3+ messages in thread From: Valdis.Kletnieks @ 2006-05-31 10:23 UTC (permalink / raw) To: Mario Fanelli; +Cc: SeLinux Mailing List [-- Attachment #1: Type: text/plain, Size: 2555 bytes --] On Wed, 31 May 2006 11:30:58 +0200, Mario Fanelli said: (Nothing here is SELinux-specific, it's all generic info for developing software under Linux...) > I have written a simple program that uses SELinux API but when I try to > compile it, gcc gives me an error says that it's unable to resolve reference > to getcon() function. > The only way is to link statically the library and thus if I use "gcc > -lselinux program.c" all works... In general, if it isn't in libc.so, you'll have to supply a -l parameter so gcc can find it. There's a *lot* of other libraries in /lib and /usr/lib that work the same way. Your program is almost certainly not linked statically - it's probably got a runtime shared library reference. You can tell which it is with the 'ldd' command: % ldd /usr/bin/chcon linux-gate.so.1 => (0xb7f31000) libselinux.so.1 => /lib/libselinux.so.1 (0xb7f05000) libc.so.6 => /lib/libc.so.6 (0xb7dd2000) libdl.so.2 => /lib/libdl.so.2 (0xb7dce000) libsepol.so.1 => /lib/libsepol.so.1 (0xb7d8b000) /lib/ld-linux.so.2 (0xb7f32000) The 'chcon' command is linked against the selinux and sepol shared libraries, and a number of other things as well. % ldd /sbin/lvm.static not a dynamic executable Now *this* one is statically linked. Creating a static binary requires special compile and linking flags - so you probably would *know* it if you had done it. In general, the only things that need to be statically linked are binaries needed in *very* early system boot (such as on an initrd or initramfs image) that need to run before the root filesystem is mounted (LVM, commands to spin up a RAID disk, etc). Once the system gets far enough to be able to find its /lib directory, you can run programs that use those libraries... > Moreover if I use nm on libselinux.so, I don't receive any output..Isn't it > unusual? That just means the library has been fed to the 'strip' command. % file /lib/libselinux.so.1 /lib/libselinux.so.1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped 'man strip' for the details, but basically it trims out a lot of auxillary information not needed for execution (like the info that 'nm' uses for its output). The resulting file is often much smaller. This also causes problems when debugging (the 'gdb' debugger will show "??" for function names, etc). At least on Fedora, for every 'foo' RPM, there is usually also a 'foo-debuginfo' RPM that includes a separate copy of that information so you can debug problems. [-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Trouble with /lib/libselinux and linking 2006-05-31 10:23 ` Valdis.Kletnieks @ 2006-05-31 13:01 ` Stephen Smalley 0 siblings, 0 replies; 3+ messages in thread From: Stephen Smalley @ 2006-05-31 13:01 UTC (permalink / raw) To: Valdis.Kletnieks; +Cc: Mario Fanelli, SeLinux Mailing List On Wed, 2006-05-31 at 06:23 -0400, Valdis.Kletnieks@vt.edu wrote: > On Wed, 31 May 2006 11:30:58 +0200, Mario Fanelli said: > > (Nothing here is SELinux-specific, it's all generic info for developing > software under Linux...) > > > I have written a simple program that uses SELinux API but when I try to > > compile it, gcc gives me an error says that it's unable to resolve reference > > to getcon() function. > > > The only way is to link statically the library and thus if I use "gcc > > -lselinux program.c" all works... > > In general, if it isn't in libc.so, you'll have to supply a -l parameter > so gcc can find it. There's a *lot* of other libraries in /lib and /usr/lib > that work the same way. > > Your program is almost certainly not linked statically - it's probably got > a runtime shared library reference. You can tell which it is with the 'ldd' > command: > > % ldd /usr/bin/chcon > linux-gate.so.1 => (0xb7f31000) > libselinux.so.1 => /lib/libselinux.so.1 (0xb7f05000) > libc.so.6 => /lib/libc.so.6 (0xb7dd2000) > libdl.so.2 => /lib/libdl.so.2 (0xb7dce000) > libsepol.so.1 => /lib/libsepol.so.1 (0xb7d8b000) > /lib/ld-linux.so.2 (0xb7f32000) > > The 'chcon' command is linked against the selinux and sepol shared libraries, > and a number of other things as well. > > % ldd /sbin/lvm.static > not a dynamic executable > > Now *this* one is statically linked. Creating a static binary requires > special compile and linking flags - so you probably would *know* it if > you had done it. > > In general, the only things that need to be statically linked are binaries > needed in *very* early system boot (such as on an initrd or initramfs image) > that need to run before the root filesystem is mounted (LVM, commands to spin > up a RAID disk, etc). Once the system gets far enough to be able to find its > /lib directory, you can run programs that use those libraries... > > > Moreover if I use nm on libselinux.so, I don't receive any output..Isn't it > > unusual? > > That just means the library has been fed to the 'strip' command. > > % file /lib/libselinux.so.1 > /lib/libselinux.so.1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped > > 'man strip' for the details, but basically it trims out a lot of auxillary > information not needed for execution (like the info that 'nm' uses for its > output). The resulting file is often much smaller. This also causes problems > when debugging (the 'gdb' debugger will show "??" for function names, etc). At > least on Fedora, for every 'foo' RPM, there is usually also a 'foo-debuginfo' > RPM that includes a separate copy of that information so you can debug > problems. Note that you can display the dynamic symbol table via any of: nm -D /lib/libselinux.so.1 objdump -T /lib/libselinux.so.1 readelf -s /lib/libselinux.so.1 eu-readelf -s /lib/libselinux.so.1 -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-05-31 13:01 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2006-05-31 9:30 Trouble with /lib/libselinux and linking Mario Fanelli 2006-05-31 10:23 ` Valdis.Kletnieks 2006-05-31 13:01 ` Stephen Smalley
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.