Discussion:
libsepol policycap names
Chris PeBenito
2018-03-02 18:49:08 UTC
I've been able to make SETools dynamically link to libsepol. However,
one challenge is with policycap names. They're static libsepol, with
nothing that exports them. Can we either:

* export the sepol_polcap_getname() function, or
* move the polcap_names[] in polcaps.c into <sepol/policydb/polcaps.h> ?

Then I can avoid having to manually keep a polcap name list inside SETools.
--
Chris PeBenito
William Roberts
2018-03-02 19:47:29 UTC
> I've been able to make SETools dynamically link to libsepol. However, one
> challenge is with policycap names. They're static libsepol, with nothing
> * export the sepol_polcap_getname() function, or
> * move the polcap_names[] in polcaps.c into <sepol/policydb/polcaps.h> ?
> Then I can avoid having to manually keep a polcap name list inside SETools.

I would rather export the sepol_polcap_getname() rather than the raw mapping
array.

> --
> Chris PeBenito
Stephen Smalley
2018-03-05 14:03:10 UTC
> I've been able to make SETools dynamically link to libsepol.  However,
> one challenge is with policycap names.  They're static libsepol, with
> * export the sepol_polcap_getname() function, or
> * move the polcap_names[] in polcaps.c into <sepol/policydb/polcaps.h> ?
> Then I can avoid having to manually keep a polcap name list inside SETools.

Let's do the former (and also export sepol_polcap_getnum for
consistency). Did you want to spin up a patch or were you asking us to
do so?
Jason Zaman
2018-03-07 08:19:33 UTC
Post by Stephen Smalley
> > I've been able to make SETools dynamically link to libsepol.  However,
> > one challenge is with policycap names.  They're static libsepol, with
> > * export the sepol_polcap_getname() function, or
> > * move the polcap_names[] in polcaps.c into <sepol/policydb/polcaps.h> ?
> > Then I can avoid having to manually keep a polcap name list inside SETools.
> Let's do the former (and also export sepol_polcap_getnum for
> consistency). Did you want to spin up a patch or were you asking us to
> do so?

If we put polcap_names[] in the .h file, would it mean that setools and
any other programs need to be re-compiled to see any changes? If that's
the case then only sepol_polcap_getname() would be easier for
maintenance.

-- Jason
Jason Zaman
2018-03-07 08:32:23 UTC
Post by Jason Zaman
> Post by Stephen Smalley
> > > I've been able to make SETools dynamically link to libsepol.  However,
> > > one challenge is with policycap names.  They're static libsepol, with
> > > * export the sepol_polcap_getname() function, or
> > > * move the polcap_names[] in polcaps.c into <sepol/policydb/polcaps.h> ?
> > > Then I can avoid having to manually keep a polcap name list inside SETools.
> > Let's do the former (and also export sepol_polcap_getnum for
> > consistency). Did you want to spin up a patch or were you asking us to
> > do so?
> If we put polcap_names[] in the .h file, would it mean that setools and
> any other programs need to be re-compiled to see any changes? If that's
> the case then only sepol_polcap_getname() would be easier for
> maintenance.

Oops, I read it wrong, you mean export both the functions, not the array;
in that case yes, agreed completely.

-- Jason
