On Sat, 5 Jul 2014 11:03:32 Laurent Bigonville wrote:
> Quickly looking at the libsepol case, I'm not sure why we are
> re-executing init in this case at all. sysvinit doesn't seem to use
> any of its symbols and libselinux itself is statically linked against
> it.
>
> Or did I overlook something?

You are correct. When looking through the code it seems that libsepol is only used for audit2why.so (used for that one application and nothing else apparently) and for selinux_mkload_policy(3) (which I don't think is called by any init program).

I think this is all fairly ugly anyway. Statically linking libraries is generally a bad thing to do and needlessly linking in code in essential libraries is always a bad thing.

If I was in a position to change this (and I'm not given the cross distribution issues) then I would have selinux_mkload_policy(3) exported from libsepol.so and have the dependencies go from libsepol.so to libselinux.so so that systemd, init, and other programs which only need the base libselinux.so functionality can skip any form of linking against libsepol.so code.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

_______________________________________________
SELinux-devel mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
