Re: [V4] libselinux: drop dso.h

From: Ondrej Mosnacek <omosnace@redhat.com>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: William Roberts <bill.c.roberts@gmail.com>,
	Nicolas Iooss <nicolas.iooss@m4x.org>,
	Ulrich Drepper <drepper@redhat.com>,
	Petr Lautrbach <plautrba@redhat.com>,
	SElinux list <selinux@vger.kernel.org>,
	William Roberts <william.c.roberts@intel.com>
Subject: Re: [V4] libselinux: drop dso.h
Date: Wed, 4 Mar 2020 13:26:04 +0100	[thread overview]
Message-ID: <CAFqZXNuUjXwD=k65ACy_fuiYyq3r1rWSV8UpBQEr-+1a8vbXvQ@mail.gmail.com> (raw)
In-Reply-To: <CAEjxPJ4sURPgJuTzGX_MBu-nThwn9NCWDKj0z39Pum8Mhh3axg@mail.gmail.com>

On Tue, Mar 3, 2020 at 7:57 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
> On Mon, Mar 2, 2020 at 11:41 AM <bill.c.roberts@gmail.com> wrote:
> >
> > Version 4:
> >   - Fix linker option warnings.
> >   - Move map file to begining of options.
> >
> > Version 3:
> >   - Add more symbols that should be dropped from the dso:
> >     - map_class;
> >     - map_decision;
> >     - map_perm;
> >
> > Version 2:
> >   - adds a version to the linker script LIBSELINUX_1.0
> >   - Adds a patch to drop some additional symbols from the dso:
> >     - dir_xattr_list
> >     - myprintf_compat
> >     - unmap_class
> >     - unmap_perm
> >
> > This four part patch series drops the dso.h and hidden_*
> > macros.
> >
> > The old dso.h functionality provided libselinux with both control over
> > external exported symbols as well as ensuring internal callers call into
> > libselinux and not a symbol with the same name loaded by the linker
> > earlier in the library list.
> >
> > The functionality is replaced by a linker script that requires public
> > API to explicitly be opt-in. The old method required that internal API
> > be explicitly annotated, and everything else is public. This should help
> > make it easier to control libselinux DSO hygene going forward.
> >
> > The second functionality is replaced by compiler option
> > -fno-semantic-interposition
> >
> > Note that clang has this enabled by default, and thus doesn't need it.
> >
> > See:
> >   - https://stackoverflow.com/questions/35745543/new-option-in-gcc-5-3-fno-semantic-interposition
> >
> > [PATCH v4 1/4] dso: drop hidden_proto and hidden_def
> > [PATCH v4 2/4] Makefile: add -fno-semantic-interposition
> > [PATCH v4 3/4] Makefile: add linker script to minimize exports
> > [PATCH v4 4/4] libselinux: drop symbols from map
>
> This looks fine to me but I'd like at least one of the distro
> maintainers to ack it (especially the last one).

FWIW, I scanned all Fedora (32) packages that Require: libselinux
using this script and it seems that nothing is using the symbols
mentioned in patch 4/4 on Fedora:

https://gitlab.com/omos/selinux-misc/-/blob/master/scan_imports.sh

BTW, the same dso.h infrastructure is used also in libsepol and
libsemanage - are there plans to do the same thing for those two?

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.