[DSE-Dev] Bug#753727: Bug#753727: reason for this

Laurent Bigonville bigon at debian.org
Sat Jul 5 12:12:49 UTC 2014


Le Sat, 05 Jul 2014 20:11:44 +1000,
Russell Coker <russell at coker.com.au> a écrit :

> On Sat, 5 Jul 2014 11:03:32 Laurent Bigonville wrote:
> > Quickly looking a the libsepol case, I'm not sure why we are
> > re-executing init in this case at all. sysvinit doesn't seems to use
> > any of its symbols and libselinux itself is statically linked
> > against it.
> > 
> > Or did I overlooked something?
> 
> You are correct.  When looking through the code it seems that
> libsepol is only used for audit2why.so (used for that one application
> and nothing else apparently) and for selinux_mkload_policy(3) (which
> I don't think is called by any init program).
> 
> I think this is all fairly ugly anyway.  Statically linking libraries
> is generally a bad thing to do and needlessly linking in code in
> essential libraries is always a bad thing.
> 
> If I was in a position to change this (and I'm not given the cross 
> distribution issues) then I would have selinux_mkload_policy(3)
> exported from libsepol.so and have the dependencies go from
> libsepol.so to libselinux.so so that systemd, init, and other
> programs which only need the base libselinux.so functionality can
> skip any form of linking against libsepol.so code.
> 

But this means that we could drop the telinit u from the libsepol
postinst script, correct?



More information about the SELinux-devel mailing list