[DSE-Dev] Bug#1063329: libselinux1t64: breaks system in upgrade from unstable

Helmut Grohne helmut at subdivi.de
Tue Feb 6 14:42:33 GMT 2024


On Tue, Feb 06, 2024 at 11:34:07AM +0100, Adrien Nader wrote:
> Providing two APIs makes me quite uneasy due to having core components
> that would behave differently from the rest of the distribution. It
> sounds like something that will come back to bite for a long time.

Can you elaborate?

Keep in mind that for all the 64bit architectures, there is no abi
difference as the symbol is only added for those architectures, that
currently use a 32bit ino_t.

> I checked on codesearch.d.n and there are very few users on this API;
> actually, none I think. Per
> https://codesearch.debian.net/search?q=matchpathcon_filespec_add&literal=1&perpkg=1
> - box64 mentions that API but the "code" is commented-out,
> - busybox uses it in the "setfiles" applet which isn't built,
> - android-platform-external-libselinux has it in headers but also has
>   its own implementation
> 
> That should hopefully give more freedom although I'm not sure what would
> be the preferred route.

And here you are arguing that there are no practical users of the added
symbol, so with luck, we'd be adding an unused symbol on armhf. With bad
luck, we'd have some users and for those users we'd be ABI-incompatible
with the rest of the world on armhf.

Helmut



More information about the SELinux-devel mailing list