On Fri, Feb 28, 2020 at 7:34 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Thu, Feb 27, 2020 at 6:01 PM <bill.c.roberts@xxxxxxxxx> wrote: > > > > From: William Roberts <william.c.roberts@xxxxxxxxx> > > > > Add a linker script that exports only what was previously exported by > > libselinux. > > > > This was checked by generating an old export map (from master): > > nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map > > > > Then creating a new one for this library after this patch is applied: > > nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map > > > > And diffing them: > > diff old.map new.map > > > > Fixes: #179 > > > > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx> > > --- > > libselinux/src/Makefile | 2 +- > > libselinux/src/libselinux.map | 249 ++++++++++++++++++++++++++++++++++ > > 2 files changed, 250 insertions(+), 1 deletion(-) > > create mode 100644 libselinux/src/libselinux.map > > > > > diff --git a/libselinux/src/libselinux.map b/libselinux/src/libselinux.map > > new file mode 100644 > > index 000000000000..823abeee9a36 > > --- /dev/null > > +++ b/libselinux/src/libselinux.map > > @@ -0,0 +1,249 @@ > > +{ > > + global: > > Our other map files (for libsepol and libsemanage) have a versioned > symbolic name before the {, a la > LIBSELINUX_1.0 { OK, will add. > > > + dir_xattr_list; > > I doubt this was intentionally made public and certainly isn't > declared in the public headers. Can we hide it? > > > + map_class; > > + map_decision; > > + map_perm; > > Ditto for these three. > > > + myprintf_compat; > > And again. > > > + unmap_class; > > + unmap_perm; > > Likewise. Perfect, I was wondering if this was overzealous, but I didn't want to break things. Will drop these. This provides evidence that opting in to hide symbols wasn't doing what we expected.
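
Review bot: The map opens with an anonymous `{` node directly above `global:`; give it a version name such as the `LIBSELINUX_1.0 {` suggested in the thread, because an anonymous node has to be the only node in a GNU ld version script and so cannot be followed by a later version node. In the same `global:` list, `dir_xattr_list`, `map_class`, `map_decision`, `map_perm`, `myprintf_compat`, `unmap_class` and `unmap_perm` are exported although the thread says they are not declared in the public headers. Dropping them shrinks the exported surface, but it is an ABI removal for anything already linked against them, so the commit message should say so. The quoted part of the hunk does not show the end of the map: check that it closes with a `local: *;` catch-all, otherwise symbols that are not listed stay exported.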
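
The old.map/new.map comparison from the commit message shows that the export list did not change, but not whether each exported name belongs to the public API, which is the point raised in the review. The script below is an added example, not part of the patch or the thread: it reuses the commit message's nm pipeline and adds a header cross-check. The function names, the header directory layout and the sample data are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions, not patch code.

# Exported names of a built library, using the nm pipeline from the commit message.
exported_symbols() {
    nm --defined-only -g "$1" | cut -d' ' -f 3-3 | grep -v '^_' | sort -u
}

# Symbols listed in OLD (one per line) that are missing from NEW: ABI removals.
removed_exports() {
    grep -Fxv -f "$2" "$1" || [ $? -eq 1 ]
}

# Symbols from SYMFILE that never occur as a whole word in any header under
# HEADER_DIR. A mention in a comment counts as declared, so treat the output
# as a list of candidates to hide, not as proof.
undeclared_exports() {
    while IFS= read -r sym; do
        [ -n "$sym" ] || continue
        grep -rqw -- "$sym" "$2" || printf '%s\n' "$sym"
    done < "$1"
}

# Constructed sample: two declared functions plus two names from the review.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/include"
    printf '%s\n' 'extern int is_selinux_enabled(void);' \
                  'extern int getcon(char **con);' > "$tmp/include/selinux.h"
    printf '%s\n' dir_xattr_list getcon is_selinux_enabled map_class > "$tmp/old.map"
    printf '%s\n' getcon is_selinux_enabled > "$tmp/new.map"
    echo "exported but not declared in headers:"
    undeclared_exports "$tmp/old.map" "$tmp/include"
    echo "removed between old.map and new.map:"
    removed_exports "$tmp/old.map" "$tmp/new.map"
    rm -rf "$tmp"
}

demo
```

Against a real build, feed `exported_symbols ./src/libselinux.so` into a file and pass it with the installed header directory to `undeclared_exports`.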