[DSE-Dev] Bug#753727: Bug#753727: reason for this
russell at coker.com.au
Sat Jul 5 10:11:44 UTC 2014
On Sat, 5 Jul 2014 11:03:32 Laurent Bigonville wrote:
> Quickly looking a the libsepol case, I'm not sure why we are
> re-executing init in this case at all. sysvinit doesn't seems to use
> any of its symbols and libselinux itself is statically linked against
> Or did I overlooked something?
You are correct. When looking through the code it seems that libsepol is only
used for audit2why.so (used for that one application and nothing else
apparently) and for selinux_mkload_policy(3) (which I don't think is called by
any init program).
I think this is all fairly ugly anyway. Statically linking libraries is
generally a bad thing to do and needlessly linking in code in essential
libraries is always a bad thing.
If I was in a position to change this (and I'm not given the cross
distribution issues) then I would have selinux_mkload_policy(3) exported from
libsepol.so and have the dependencies go from libsepol.so to libselinux.so so
that systemd, init, and other programs which only need the base libselinux.so
functionality can skip any form of linking against libsepol.so code.
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the SELinux-devel