Re: RFC: introduce new library versions for added symbols

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Stephen Smalley <sds@xxxxxxxxxxxxx> writes:

On 1/10/19 12:57 PM, Petr Lautrbach wrote:
I used abi-compliance-checker [1] and compared the latest sources with 2.8
release [2].
It looks like there's one symbol added to audit2why.so.

audit2why.so needs a .map file or equivalent; it shouldn't be exporting all of the libsepol.a symbols. We don't guarantee ABI or API compatibility for
anything not in libsepol.map.


I'll prepare a patch for that.


Then I tried the same thing with 2.7 [3] and 2.6 [4] and noticed that there were added new symbols even to LIBSEMANAGE_1.0 while since 2.3
there's already LIBSEMANAGE_1.1.
It's a bug which breaks automatic dependency checking. So I propose to fix symbol version mappings in order to be in relation with the
release where they was introduced, e.g. for libsemanage:

diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
index 02036696..45e90215 100644
--- a/libsemanage/src/libsemanage.map
+++ b/libsemanage/src/libsemanage.map
@@ -18,8 +18,6 @@ LIBSEMANAGE_1.0 {
  semanage_root;
  semanage_user_*; semanage_bool_*; semanage_seuser_*;
  semanage_iface_*; semanage_port_*; semanage_context_*;
- semanage_ibpkey_*;
- semanage_ibendport_*;
  semanage_node_*;
  semanage_fcontext_*; semanage_access_check;
semanage_set_create_store;
semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
@@ -63,3 +61,19 @@ LIBSEMANAGE_1.1 {
  semanage_module_remove_key;
  semanage_set_store_root;
} LIBSEMANAGE_1.0;
+
+LIBSEMANAGE_2.5 {
+ global:
+ semanage_module_extract;
+} LIBSEMANAGE_1.1;
+
+LIBSEMANAGE_2.7 {
+ global:
+ semanage_ibpkey_*;
+ semanage_ibendport_*;
+} LIBSEMANAGE_2.5;
+
+LIBSEMANAGE_2.8 {
+ global:
+ semanage_fcontext_list_homedirs;
+} LIBSEMANAGE_2.7;


If this is acceptable, I would prepare a patch with symbol versions
starting with 2.5 as LIBSEMANAGE_1.1 was introduced in 2.4.

Will this break compatibility for binaries built against earlier
versions?

I was under impression that is should be enough to list symbols in
different versions but it looks like a symbol is assigned only to
one/the latest version.

# semodule -B
semodule: relocation error: /lib64/libsemanage.so.1: symbol sepol_ibendport_modify version LIBSEPOL_1.0 not defined in file libsepol.so.1 with link time reference

I'm still investigating this but given that there's only one reported change between the latest and 2.8 and it should be covered by audit2why map file, it probably doesn't make sense to do this change retroactively now.

Just for the future we need to keep in mind that new symbols needs new versions
in .map files.





[1] http://lvc.github.io/abi-compliance-checker/
[2]
https://plautrba.fedorapeople.org/selinux/compat_reports/2.8_to_2.9-rc0/compat_report.html
[3]
https://plautrba.fedorapeople.org/selinux/compat_reports/2.7_to_2.9-rc0/compat_report.html
[4]
https://plautrba.fedorapeople.org/selinux/compat_reports/2.6_to_2.9-rc0/compat_report.html

Petr




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux