Le Sat, 05 Jul 2014 20:11:44 +1000, Russell Coker <russ...@coker.com.au> a écrit :
> On Sat, 5 Jul 2014 11:03:32 Laurent Bigonville wrote: > > Quickly looking a the libsepol case, I'm not sure why we are > > re-executing init in this case at all. sysvinit doesn't seems to use > > any of its symbols and libselinux itself is statically linked > > against it. > > > > Or did I overlooked something? > > You are correct. When looking through the code it seems that > libsepol is only used for audit2why.so (used for that one application > and nothing else apparently) and for selinux_mkload_policy(3) (which > I don't think is called by any init program). > > I think this is all fairly ugly anyway. Statically linking libraries > is generally a bad thing to do and needlessly linking in code in > essential libraries is always a bad thing. > > If I was in a position to change this (and I'm not given the cross > distribution issues) then I would have selinux_mkload_policy(3) > exported from libsepol.so and have the dependencies go from > libsepol.so to libselinux.so so that systemd, init, and other > programs which only need the base libselinux.so functionality can > skip any form of linking against libsepol.so code. > But this means that we could drop the telinit u from the libsepol postinst script, correct? _______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel