On Tue, Nov 12, 2019 at 4:39 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 11/11/19 6:53 AM, Nicolas Iooss wrote: > > selinuxswig_python_exception.i and semanageswig_python_exception.i need > > to be regenerated when either an input header file changes or > > exception.sh changes. Add the missing items to the respective Makefiles. > > > > Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > > Wondering if we ought to be passing the dependencies as arguments to > exception.sh and having it use them rather than a hardcoded header file > path, but regardless: > > Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> I merged my three patches. Thanks for your review. In my humble opinion, I find it simpler not to pass any argument to the script, users can regenerate the files by running exception.sh directly. Nevertheless, when I wrote this patch, there is something that surprised me. In libselinux, only functions in selinux.h are considered when adding glue code to raise OSError from errno when a function returns a negative value. Contrary to semanage.h, selinux.h does not include every other libselinux headers. More precisely, "grep '^extern int ' libselinux/include/selinux/*.h" shows some functions in avc.h, label.h and restorecon.h that are not handled. For example avc_netlink_open() documented in its manpage to return -1 and set errno when an error occurs, but is not present in selinuxswig_python_exception.i. Is this a bug? If yes, fixing it requires changing the API of selinux Python module, which could break some applications (a function would raise an exception instead of returning -1). Nicolas
