On Thu, Mar 5, 2020 at 10:12 AM William Roberts <bill.c.roberts@xxxxxxxxx> wrote:
>
> On Thu, Mar 5, 2020 at 6:42 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote:
> >
> >
> > Stephen Smalley <stephen.smalley.work@xxxxxxxxx> writes:
> >
> > > On Mon, Mar 2, 2020 at 11:41 AM <bill.c.roberts@xxxxxxxxx> wrote:
> > >>
> > >> Version 4:
> > >> - Fix linker option warnings.
> > >> - Move map file to beginning of options.
> > >>
> > >> Version 3:
> > >> - Add more symbols that should be dropped from the dso:
> > >>   - map_class;
> > >>   - map_decision;
> > >>   - map_perm;
> > >>
> > >> Version 2:
> > >> - adds a version to the linker script LIBSELINUX_1.0
> > >> - Adds a patch to drop some additional symbols from the dso:
> > >>   - dir_xattr_list
> > >>   - myprintf_compat
> > >>   - unmap_class
> > >>   - unmap_perm
> > >>
> > >> This four part patch series drops the dso.h and hidden_*
> > >> macros.
> > >>
> > >> The old dso.h functionality provided libselinux with both control over
> > >> external exported symbols as well as ensuring internal callers call into
> > >> libselinux and not a symbol with the same name loaded by the linker
> > >> earlier in the library list.
> > >>
> > >> The functionality is replaced by a linker script that requires public
> > >> API to explicitly be opt-in. The old method required that internal API
> > >> be explicitly annotated, and everything else is public. This should help
> > >> make it easier to control libselinux DSO hygiene going forward.
> > >>
> > >> The second functionality is replaced by compiler option
> > >> -fno-semantic-interposition
> > >>
> > >> Note that clang has this enabled by default, and thus doesn't need it.
> > >>
> > >> See:
> > >> - https://stackoverflow.com/questions/35745543/new-option-in-gcc-5-3-fno-semantic-interposition
> > >>
> > >> [PATCH v4 1/4] dso: drop hidden_proto and hidden_def
> > >> [PATCH v4 2/4] Makefile: add -fno-semantic-interposition
> > >> [PATCH v4 3/4] Makefile: add linker script to minimize exports
> > >> [PATCH v4 4/4] libselinux: drop symbols from map
> > >
> > > This looks fine to me but I'd like at least one of the distro
> > > maintainers to ack it (especially the last one).
> >
> > Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
> >
>
> Thanks staged:
> https://github.com/SELinuxProject/selinux/pull/205

merged.

Since folks have interest in doing the same for libsepol and libsemanage,
I'm going to roll those before updating the attribute deprecated patches.

Thanks,
Bill