On Sun, Jul 19, 2020 at 12:35 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> These patches are the userspace side of the following kernel commits:
> c3a276111ea2 ("selinux: optimize storage of filename transitions") [1]
> 430059024389 ("selinux: implement new format of filename transitions") [2].
>
> The first patch changes libsepol's internal representation of filename
> transition rules in a way similar to the kernel commit.
>
> The second patch then builds upon that and implements reading and
> writing of the new binary policy format that uses this representation
> also in the data layout.
>
> See individual patches for more details.
>
> NOTE: This series unfortunately breaks the build of setools. Moreover,
> when an existing build of setools dynamically links against the new
> libsepol, it segfaults. Sadly, there doesn't seem to be a nice way of
> handling this, since setools relies on non-public libsepol policydb
> API/ABI. I have prepared a preliminary patch to adapt setools to these
> changes - I'll open a WIP pull request for it soon...

And the setools PR is here:
https://github.com/SELinuxProject/setools/pull/50

>
> See also this discussion about the setools impact:
> https://lore.kernel.org/selinux/daeae1d9-de29-aae0-6bde-3ad3427a5d42@xxxxxxxxxxxxx/

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.