On Thu, Feb 27, 2020 at 6:01 PM <bill.c.roberts@xxxxxxxxx> wrote:
>
> From: William Roberts <william.c.roberts@xxxxxxxxx>
>
> Add a linker script that exports only what was previosly exported by
> libselinux.
>
> This was checked by generating an old export map (from master):
> nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map
>
> Then creating a new one for this library after this patch is applied:
> nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map
>
> And diffing them:
> diff old.map new.map
>
> Fixes: #179
>
> Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
> ---
> libselinux/src/Makefile | 2 +-
> libselinux/src/libselinux.map | 249 ++++++++++++++++++++++++++++++++++
> 2 files changed, 250 insertions(+), 1 deletion(-)
> create mode 100644 libselinux/src/libselinux.map
>
> diff --git a/libselinux/src/libselinux.map b/libselinux/src/libselinux.map
> new file mode 100644
> index 000000000000..823abeee9a36
> --- /dev/null
> +++ b/libselinux/src/libselinux.map
> @@ -0,0 +1,249 @@
> +{
> + global:
Our other map files (for libsepol and libsemanage) have a versioned
symbolic name before the {, ala
LIBSELINUX_1.0 {
> + dir_xattr_list;
I doubt this was intentionally made public and certainly isn't
declared in the public headers. Can we hide it?
> + map_class;
> + map_decision;
> + map_perm;
Ditto for these three.
> + myprintf_compat;
And again.
> + unmap_class;
> + unmap_perm;
Likewise.
