From: Paul Gortmaker <paul.gortmaker@windriver.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eamon Walsh <ewalsh@tycho.nsa.gov>,
SELinux List <selinux@tycho.nsa.gov>,
Stephen Lawrence <slawrence@tresys.com>,
Daniel J Walsh <dwalsh@redhat.com>
Subject: Re: libselinux version bump past 99
Date: Wed, 16 Mar 2011 12:04:06 -0400 [thread overview]
Message-ID: <4D80DF76.7060802@windriver.com> (raw)
In-Reply-To: <1300191052.17384.3.camel@moss-pluto>
On 11-03-15 08:10 AM, Stephen Smalley wrote:
> On Mon, 2011-03-14 at 19:26 -0400, Paul Gortmaker wrote:
>> On 11-03-08 05:26 PM, Eamon Walsh wrote:
>>> Libselinux has reached version 2.0.99 and I need to push a bug fix, just checking to make sure 2.0.100 is fine and won't cause any problems e.g. with upgrades.
>>>
>>>
>> On a related note, is there a reason why the shared objects don't
>> track a similar versioning number? We came across a situation
>> where an internal update added a new dir for libs. But note the
>> shared objects are hard coded to version 1, and the old selinux
>> libs just happened to be found 1st. Which leads to a cryptic
>> internal selinux error message like this:
>>
>> "libsepol.policydb_read: policydb module version 10 does not
>> match my version range 4-8"
>>
>> Granted, this may not be a common problem, but the solution that
>> came to me was to simply let the normal ld.so dynamic library
>> versioning do its job in determining which bins need which libs;
>> something that it is remarkably good at. :)
> As I understand it, the .so version should only be changed upon an
> incompatible ABI change, not upon implementation changes or compatible
Sure, and the above error message clearly indicates that
this has not been done in the past. So as I'd hinted at,
the question then becomes when to start implementing
it, if people agree it makes sense to do what every other
library does.
The simplest answer seems to be to align it upon the
next incompatible ABI change you have queued up.
Leaving it hard coded at 1 forever just seems misleading,
and causes errors like the one I showed above.
Thanks,
Paul.
> ABI changes. And per-symbol versioning seems to be preferred these
> days, as per:
> http://www.akkadia.org/drepper/dsohowto.pdf
>
> See libsemanage.map for an example.
>
> But the question of what policy version is supported by a given release
> of libsepol has nothing to do with its ABI.
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2011-03-16 16:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-08 22:26 libselinux version bump past 99 Eamon Walsh
2011-03-09 13:06 ` Stephen Smalley
2011-03-09 15:48 ` Daniel J Walsh
2011-03-09 16:02 ` Steve Lawrence
2011-03-09 15:32 ` Daniel J Walsh
2011-03-14 23:26 ` Paul Gortmaker
2011-03-15 11:24 ` Russell Coker
2011-03-15 12:13 ` Stephen Smalley
2011-03-15 12:10 ` Stephen Smalley
2011-03-16 16:04 ` Paul Gortmaker [this message]
2011-03-16 16:07 ` Stephen Smalley
2011-03-16 17:59 ` Paul Gortmaker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D80DF76.7060802@windriver.com \
--to=paul.gortmaker@windriver.com \
--cc=dwalsh@redhat.com \
--cc=ewalsh@tycho.nsa.gov \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=slawrence@tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.