From: Jason Zaman <jason@perfinion.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Nicolas Iooss <nicolas.iooss@m4x.org>, selinux <selinux@tycho.nsa.gov>
Subject: Re: SELinux musl support
Date: Fri, 18 May 2018 23:58:58 +0800 [thread overview]
Message-ID: <20180518155858.GA35598@baraddur.perfinion.com> (raw)
In-Reply-To: <acddd718-3b1f-9745-00fc-d3115964178a@tycho.nsa.gov>
On Fri, May 18, 2018 at 08:58:58AM -0400, Stephen Smalley wrote:
> On 05/18/2018 01:03 AM, Jason Zaman wrote:
> > On Thu, May 17, 2018 at 09:22:01PM +0200, Nicolas Iooss wrote:
> >> On Thu, May 17, 2018 at 7:11 AM, Jason Zaman <jason@perfinion.com> wrote:
> >>> This series fixes compiling and running on musl libc.
> >>>
> >>> patches 1-2 are fairly trivial.
> >>>
> >>> patches 3-4 are a feature change on that platform since it does not
> >>> support GLOB_TILDE and GLOB_BRACE. tilde is coming in musl 1.1.21
> >>> according to [1]. brace support is not documented anywhere or in the
> >>> example configs so that is probably not a big problem.
> >>>
> >>> patch 5 fixes a bug and it just happens that glibc returns a value for
> >>> sysconf and the error handling was wrong but never noticed.
> >>>
> >>> [1]: https://wiki.musl-libc.org/roadmap.html
> >>>
> >>> [PATCH 1/5] sestatus: include limits.h for PATH_MAX
> >>> [PATCH 2/5] libselinux: enable linking to musl-fts
> >>> [PATCH 3/5] setfiles: Musl compatibility for GLOB_BRACE and
> >>> [PATCH 4/5] restorecond: Musl compatibility for GLOB_BRACE and
> >>> [PATCH 5/5] genhomedircon: sysconf can return -1 without failure
> >>
> >> Thanks! These patches look good to me and I would also appreciate if
> >> they are merged in 2.8.
> >
> > Awesome, I'll push them on monday then unless there are any issues
> > before then :)
>
> FWIW, the patches look fine to me as well and I did a test PR to trigger travis CI testing
> and they passed,
> https://github.com/SELinuxProject/selinux/pull/96
>
> One possible area for improvement (but not necessary to merge this) would be to fix the
> genhomedircon code to also then handle the case where getpwnam_r/getgrnam_r returns ERANGE,
> in which case we are supposed to realloc a larger buffer and try again per the man page.
Yeah i thought about that, but you're supposed to do that even when
sysconf does return a number and we've apparently never hit this before.
and the example code in the man pages doesnt really do it either. so as
small changes as possible before release is better. after release we could
think about it but probably still not really high importance.
-- Jason
next prev parent reply other threads:[~2018-05-18 15:59 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-17 5:11 SELinux musl support Jason Zaman
2018-05-17 5:11 ` [PATCH 1/5] sestatus: include limits.h for PATH_MAX Jason Zaman
2018-05-17 5:11 ` [PATCH 2/5] libselinux: enable linking to musl-fts Jason Zaman
2018-05-17 5:11 ` [PATCH 3/5] setfiles: Musl compatibility for GLOB_BRACE and GLOB_TILDE Jason Zaman
2018-05-17 5:11 ` [PATCH 4/5] restorecond: " Jason Zaman
2018-05-17 5:11 ` [PATCH 5/5] genhomedircon: sysconf can return -1 without failure Jason Zaman
2018-05-17 19:22 ` SELinux musl support Nicolas Iooss
2018-05-18 5:03 ` Jason Zaman
2018-05-18 12:58 ` Stephen Smalley
2018-05-18 15:58 ` Jason Zaman [this message]
2018-05-21 9:41 ` Jason Zaman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180518155858.GA35598@baraddur.perfinion.com \
--to=jason@perfinion.com \
--cc=nicolas.iooss@m4x.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.