[DSE-Dev] Bug#753727: Bug#753727: reason for this

Russell Coker russell at coker.com.au
Sat Jul 5 10:11:44 UTC 2014

On Sat, 5 Jul 2014 11:03:32 Laurent Bigonville wrote:
> Quickly looking a the libsepol case, I'm not sure why we are
> re-executing init in this case at all. sysvinit doesn't seems to use
> any of its symbols and libselinux itself is statically linked against
> it.
> Or did I overlooked something?

You are correct.  When looking through the code it seems that libsepol is only 
used for audit2why.so (used for that one application and nothing else 
apparently) and for selinux_mkload_policy(3) (which I don't think is called by 
any init program).

I think this is all fairly ugly anyway.  Statically linking libraries is 
generally a bad thing to do and needlessly linking in code in essential 
libraries is always a bad thing.

If I was in a position to change this (and I'm not given the cross 
distribution issues) then I would have selinux_mkload_policy(3) exported from 
libsepol.so and have the dependencies go from libsepol.so to libselinux.so so 
that systemd, init, and other programs which only need the base libselinux.so 
functionality can skip any form of linking against libsepol.so code.

My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

More information about the SELinux-devel mailing list