On 09/15/2016 10:04 AM, Janis Danisevskis wrote:
> From: Janis Danisevskis <jdanis@xxxxxxxxxx>
>
> This patch moves all pcre1/2 dependencies into the new files regex.h
> and regex.c implementing the common denominator of features needed
> by libselinux. The compiler flag -DUSE_PCRE2 toggles between the
> used implementations.
>
> As of this patch libselinux supports either pcre or pcre2 but not
> both at the same time. The persistently stored file contexts
> information differs. This means libselinux can only load file
> context files generated by sefcontext_compile build with the
> same pcre variant.
>
> Also, for pcre2 the persistent format is architecture dependent.
> Stored precompiled regular expressions can only be used on the
> same architecture they were generated on. If pcre2 is used,
> sefcontext_compile now respects the "-r". This flag makes
> sefcontext_compile include the precompiled regular expressions
> in the output file. The default is to omit them, so that the
> output remains portable at the cost of having to recompile
> the regular expressions at load time, or rather on first use.
Is that really the default behavior you want?
> Signed-off-by: Janis Danisevskis <jdanis@xxxxxxxxxx>
> ---
> diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h
> index 6d1e890..3df7972 100644
> --- a/libselinux/src/label_file.h
> +++ b/libselinux/src/label_file.h
> @@ -453,12 +429,14 @@ static inline int process_line(struct selabel_handle *rec,
> */
> data->nspec++;
>
> - if (rec->validating &&
> - compile_regex(data, &spec_arr[nspec], &errbuf)) {
> + if (rec->validating
> + && compile_regex(data, &spec_arr[nspec], &error_data)) {
> + regex_format_error(&error_data, regex_error_format_buffer,
> + sizeof(regex_error_format_buffer));
> COMPAT_LOG(SELINUX_ERROR,
> "%s: line %u has invalid regex %s: %s\n",
> path, lineno, regex,
> - (errbuf ? errbuf : "out of memory"));
> + regex_error_format_buffer);
compile_regex() may fail on an out of memory condition before
regex_error_format_buffer is initialized, which is why we previously
passed errbuf ?: "out of memory" above. I suppose you could initialize
regex_error_format_buffer with "out of memory" prior to calling
compile_regex().
> diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
> new file mode 100644
> index 0000000..1c4a84d
> --- /dev/null
> +++ b/libselinux/src/regex.c
<snip>
> +int regex_writef(struct regex_data *regex, FILE *fp)
This needs to be updated with the new do_write_precompregex argument,
and either use the argument or mark it unused to permit compilation for
the USE_PCRE2=n.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
