On Fri, Feb 28, 2020 at 7:50 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Thu, Feb 27, 2020 at 6:01 PM <bill.c.roberts@xxxxxxxxx> wrote:
> >
> > From: William Roberts <william.c.roberts@xxxxxxxxx>
> >
> > Add -fno-semantic-interposition to CFLAGS. This will restore
> > the DSO infrastructure's protections to ensure internal callers
> > of exported symbols call into libselinux and not something loading first
> > in the library list.
> >
> > Clang has this enabled by default.
> >
> > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
>
> I'm fine with this but since Nicolas pointed out the option of using
> -Bsymbolic to
> the linker as an alternative to hidden_def/hidden_proto in
> https://github.com/SELinuxProject/selinux/issues/204#issuecomment-591092288
> I was wondering how they differ. I guess -Bsymbolic only affects the
> linker while -fno-semantic-interposition
> permits the compiler to further optimize the code.

That's my understanding of the difference as well. -B is only link time, so the
compiler can't really optimize the calls, but IIUC the compiler can only optimize
what's in the compilation unit, so it can only optimize call sites for calls
within the compilation unit.

-B also only works for ELF builds, so we would conditionally need to modify
LDFLAGS based on host type. The compiler option is just a clang/gcc split, which
is already there. To go to symbolic we would have to conditionally set that... a
tad bit more work :-p