Re: libsepol policycap names
On Wed, Mar 07, 2018 at 04:19:33PM +0800, Jason Zaman wrote: > On Mon, Mar 05, 2018 at 09:03:10AM -0500, Stephen Smalley wrote: > > On 03/02/2018 01:49 PM, Chris PeBenito wrote: > > > I've been able to make SETools dynamically link to libsepol. However, > > > one challenge is with policycap names. They're static libsepol, with > > > nothing that exports them. Can we either: > > > > > > * export the sepol_polcap_getname() function, or > > > * move the polcap_names[] in polcaps.c into ? > > > > > > Then I can avoid having to manually keep a polcap name list inside > > > SETools. > > > > Let's do the former (and also export sepol_polcap_getnum for > > consistency). Did you want to spin up a patch or were you asking us to > > do so? > > If we put polcap_names[] in the .h file, would it mean that setools and > any other programs need to be re-compiled to see any changes? if thats > the case then only sepol_polcap_getname() would be easier for > maintenance. Oops i read it wrong, you mean export both the functions not the array, in that case yes agreed completely. -- Jason
Re: libsepol policycap names
On Mon, Mar 05, 2018 at 09:03:10AM -0500, Stephen Smalley wrote: > On 03/02/2018 01:49 PM, Chris PeBenito wrote: > > I've been able to make SETools dynamically link to libsepol. However, > > one challenge is with policycap names. They're static libsepol, with > > nothing that exports them. Can we either: > > > > * export the sepol_polcap_getname() function, or > > * move the polcap_names[] in polcaps.c into ? > > > > Then I can avoid having to manually keep a polcap name list inside SETools. > > Let's do the former (and also export sepol_polcap_getnum for > consistency). Did you want to spin up a patch or were you asking us to > do so? If we put polcap_names[] in the .h file, would it mean that setools and any other programs need to be re-compiled to see any changes? if thats the case then only sepol_polcap_getname() would be easier for maintenance. -- Jason
Re: libsepol policycap names
On 03/02/2018 01:49 PM, Chris PeBenito wrote: > I've been able to make SETools dynamically link to libsepol. However, > one challenge is with policycap names. They're static libsepol, with > nothing that exports them. Can we either: > > * export the sepol_polcap_getname() function, or > * move the polcap_names[] in polcaps.c into ? > > Then I can avoid having to manually keep a polcap name list inside SETools. Let's do the former (and also export sepol_polcap_getnum for consistency). Did you want to spin up a patch or were you asking us to do so?
Re: libsepol policycap names
On Fri, Mar 2, 2018 at 10:49 AM, Chris PeBenito wrote: > I've been able to make SETools dynamically link to libsepol. However, one > challenge is with policycap names. They're static libsepol, with nothing > that exports them. Can we either: > > * export the sepol_polcap_getname() function, or > * move the polcap_names[] in polcaps.c into ? > > Then I can avoid having to manually keep a polcap name list inside SETools. I would rather export the sepol_polcap_getname() rather than the raw mapping array. > > -- > Chris PeBenito >
