On Fri, Sep 16, 2016 at 06:51:25AM -0700, William Roberts wrote: > On Fri, Sep 16, 2016 at 6:43 AM, William Roberts > <bill.c.roberts@xxxxxxxxx> wrote: > > On Fri, Sep 16, 2016 at 6:31 AM, Jason Zaman <jason@xxxxxxxxxxxxx> wrote: > >> On Fri, Sep 16, 2016 at 06:15:01AM -0700, William Roberts wrote: > >>> On Fri, Sep 16, 2016 at 6:09 AM, Janis Danisevskis <jdanis@xxxxxxxxxx> wrote: > >>> > I don't mind. Then before sefcontext_compile -r gets widely adapted we > >>> > should change the semantic quickly. I'll prepare a patch. > >>> > >>> Did I miss something and this was merged? Iv'e been out recovering > >>> from a surgery so I haven't been > >>> following this as well as I normally would have, > >>> > >>> If its merged, just leave it. > >> > >> Its the very latest thing in master yeah, but I do also agree with changing it. > > > > I'd prefer it changed myself. Another argument pro-change is that one doesn't > > know if its a PCRE2 or PCRE1 compatable version of the libraries, we should > > probably have an ability to intergoate that via API so we can print it > > out in help > > dialogue, that this tool so we at least know what it can support. > > > > The biggest thing that needs to get fixed with this, is that no matter > > if it contains the > > pre-compiled regexs or not, it should always load and work on Android. > > In distros, > > it will fall back to file_contexts, but we don't have this in Android. > > This ties into the arch > > version information below. But if the arch differs, always recompile. > > The alternative to > > this, is just go back to textual fc file son Android, since we won't > > be using any of the > > features of binary fc's. Better yet, in the Android build, I would > > check to see if host arch > > is the same as target arch, or let an OEM set a flag, to do the > > compilation. But I would > > consider those stretch goals, and just revert android back to textual files. > > My ramblings might not be clear here. If we just version it with arch > and require > an exact match, we don't need -r, so that option goes away. This is what I was aiming for too, currently the pcre_version() is just strcmp'd so changing it to cat(pcre2_version(), arch_string()) should avoid any problems. It may turn out to be overzealous but it will always be safe. I dont think splitting pcre_version and arch into separate fields makes a huge difference if you prefer that. Currently the version numbers are not parsed tho, so checking arch only for pcre2 seems like a lot more work. -- Jason _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
