SELinux Archive on lore.kernel.org
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Ondrej Mosnacek <omosnace@redhat.com>, selinux@vger.kernel.org
Cc: Chris PeBenito <pebenito@ieee.org>
Subject: Re: [PATCH 0/2] userspace: Implement new format of filename trans rules
Date: Fri, 27 Mar 2020 15:21:07 -0400
Message-ID: <daeae1d9-de29-aae0-6bde-3ad3427a5d42@tycho.nsa.gov>
In-Reply-To: <20200327152107.95915-1-omosnace@redhat.com>

On 3/27/20 11:21 AM, Ondrej Mosnacek wrote:
> These patches are the userspace side of the kernel change posted at [1].
> 
> The first patch changes libsepol's internal representation of filename
> transition rules in a way similar to kernel commit c3a276111ea2
> ("selinux: optimize storage of filename transitions") [2].
> 
> The second patch then builds upon that and implements reading and
> writing of a new binary policy format that uses this representation also
> in the data layout.
> 
> See individual patches for more details.
> 
> NOTE: This series unfortunately breaks the build of setools. Moreover,
> when an existing build of setools dynamically links against the new
> libsepol, it segfaults. Sadly, there doesn't seem to be a nice way of
> handling this, since setools relies on non-public libsepol policydb
> API/ABI.

I think this has happened before a few years ago when we made a 
different change to those structures, and required updates on the 
setools side.

Maybe we need to figure out what setools needs to be encapsulated and 
exported as part of the libsepol public ABI/API, and then stop having it 
peer into libsepol internals?

