Re: [PATCH] Change semantic of -r in sefcontext_compile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 16, 2016 at 7:41 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 09/16/2016 09:08 AM, Janis Danisevskis wrote:
>> This patch reestablishes the default behavior of sefcontext_compile
>> to include precompiled regular expressions in the output. If linked
>> against PCRE2 the flag "-r" now causes the precompiled regular
>> expressions to be omitted from the output.
>
> I thought your original rationale was more compelling.  If we add
> detection of the relevant arch properties, then we can do this.
> Otherwise, I don't think we should.

I was assuming based on the thread earlier that those patches would be coming.
If we cant detect and compile on the current "undefined behavior"
case, then this
needs to stay as is.

But I thought someone had a list of PCRE things that can be checked for "arch",
so its just a matter of encoding those, assuming that list is correct.

Binary file_contexts only make sense if you compile in the regex info, else
just use the textual representation.

>
>> ---
>>  libselinux/utils/sefcontext_compile.c | 8 +++-----
>>  1 file changed, 3 insertions(+), 5 deletions(-)
>>
>> diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
>> index 770ec4c..c1284d5 100644
>> --- a/libselinux/utils/sefcontext_compile.c
>> +++ b/libselinux/utils/sefcontext_compile.c
>> @@ -263,12 +263,10 @@ static void usage(const char *progname)
>>           "         will be fc_file with the .bin suffix appended.\n\t"
>>           "-p       Optional binary policy file that will be used to\n\t"
>>           "         validate contexts defined in the fc_file.\n\t"
>> -         "-r       Include precompiled regular expressions in the output.\n\t"
>> +         "-r       Omit precompiled regular expressions in the output.\n\t"
>>           "         (PCRE2 only. Compiled PCRE2 regular expressions are\n\t"
>>           "         not portable across architectures. When linked against\n\t"
>>           "         PCRE this flag is ignored)\n\t"
>> -         "         Omit precompiled regular expressions (only meaningful\n\t"
>> -         "         when using PCRE2 regular expression back-end).\n\t"
>>           "fc_file  The text based file contexts file to be processed.\n",
>>           progname);
>>               exit(EXIT_FAILURE);
>> @@ -278,7 +276,7 @@ int main(int argc, char *argv[])
>>  {
>>       const char *path = NULL;
>>       const char *out_file = NULL;
>> -     int do_write_precompregex = 0;
>> +     int do_write_precompregex = 1;
>>       char stack_path[PATH_MAX + 1];
>>       char *tmp = NULL;
>>       int fd, rc, opt;
>> @@ -299,7 +297,7 @@ int main(int argc, char *argv[])
>>                       policy_file = optarg;
>>                       break;
>>               case 'r':
>> -                     do_write_precompregex = 1;
>> +                     do_write_precompregex = 0;
>>                       break;
>>               default:
>>                       usage(argv[0]);
>>
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@xxxxxxxxxxxxx
> To unsubscribe, send email to Seandroid-list-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Seandroid-list-request@xxxxxxxxxxxxx.



-- 
Respectfully,

William C Roberts
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux