On Fri, Sep 16, 2016 at 06:51:25AM -0700, William Roberts wrote:
> On Fri, Sep 16, 2016 at 6:43 AM, William Roberts
> <bill.c.robe...@gmail.com> wrote:
> > On Fri, Sep 16, 2016 at 6:31 AM, Jason Zaman <ja...@perfinion.com> wrote:
> >> On Fri, Sep 16, 2016 at 06:15:01AM -0700, William Roberts wrote:
> >>> On Fri, Sep 16, 2016 at 6:09 AM, Janis Danisevskis <jda...@google.com> 
> >>> wrote:
> >>> > I don't mind. Then before sefcontext_compile -r gets widely adapted we
> >>> > should change the semantic quickly. I'll prepare a patch.
> >>>
> >>> Did I miss something and this was merged? Iv'e been out recovering
> >>> from a surgery so I haven't been
> >>> following this as well as I normally would have,
> >>>
> >>> If its merged, just leave it.
> >>
> >> Its the very latest thing in master yeah, but I do also agree with 
> >> changing it.
> >
> > I'd prefer it changed myself. Another argument pro-change is that one 
> > doesn't
> > know if its a PCRE2 or PCRE1 compatable version of the libraries, we should
> > probably have an ability to intergoate that via API so we can print it
> > out in help
> > dialogue, that this tool so we at least know what it can support.
> >
> > The biggest thing that needs to get fixed with this, is that no matter
> > if it contains the
> > pre-compiled regexs or not, it should always load and work on Android.
> > In distros,
> > it will fall back to file_contexts, but we don't have this in Android.
> > This ties into the arch
> > version information below. But if the arch differs, always recompile.
> > The alternative to
> > this, is just go back to textual fc file son Android, since we won't
> > be using any of the
> > features of binary fc's. Better yet, in the Android build, I would
> > check to see if host arch
> > is the same as target arch, or let an OEM set a flag, to do the
> > compilation. But I would
> > consider those stretch goals, and just revert android back to textual files.
> My ramblings might not be clear here. If we just version it with arch
> and require
> an exact match, we don't need -r, so that option goes away.

This is what I was aiming for too, currently the pcre_version() is just
strcmp'd so changing it to cat(pcre2_version(), arch_string()) should
avoid any problems. It may turn out to be overzealous but it will always
be safe. I dont think splitting pcre_version and arch into separate
fields makes a huge difference if you prefer that. Currently the version
numbers are not parsed tho, so checking arch only for pcre2 seems like a
lot more work.

-- Jason
Selinux mailing list
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Reply via email to