| Message ID | 20171011085345.31496-1-plautrba@redhat.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
On Wed, 2017-10-11 at 10:53 +0200, Petr Lautrbach wrote: > When libselinux is built using USE_PCRE2 libselinux.pc needs to > require > libpcre2-8 instead of libpcre. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1487521 > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Thanks, applied. We still need to revisit the value proposition of file_contexts.bin after the move to pcre2, given the large increase in file size and the runtime overhead. We can add -r to the sefcontext_compile args via semanage.conf, but then I'm wondering whether it is worth having file_contexts.bin at all. > --- > libselinux/Makefile | 11 ++++++----- > libselinux/src/Makefile | 2 +- > libselinux/src/libselinux.pc.in | 2 +- > 3 files changed, 8 insertions(+), 7 deletions(-) > > diff --git a/libselinux/Makefile b/libselinux/Makefile > index 1ecab178..16531fe9 100644 > --- a/libselinux/Makefile > +++ b/libselinux/Makefile > @@ -21,13 +21,14 @@ export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS > ANDROID_HOST > > USE_PCRE2 ?= n > ifeq ($(USE_PCRE2),y) > - PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 $(shell > $(PKG_CONFIG) --cflags libpcre2-8) > - PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre2-8) > + PCRE_MODULE := libpcre2-8 > + PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 > else > - PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags libpcre) > - PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre) > + PCRE_MODULE := libpcre > endif > -export PCRE_CFLAGS PCRE_LDLIBS > +PCRE_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE)) > +PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE)) > +export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS > > OS := $(shell uname) > export OS > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile > index 2408faea..18df75c8 100644 > --- a/libselinux/src/Makefile > +++ b/libselinux/src/Makefile > @@ -148,7 +148,7 @@ $(LIBSO): $(LOBJS) > ln -sf $@ $(TARGET) > > $(LIBPC): $(LIBPC).in ../VERSION > - sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; > s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ > + sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; > s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):; > s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@ > > selinuxswig_python_exception.i: ../include/selinux/selinux.h > bash -e exception.sh > $@ || (rm -f $@ ; false) > diff --git a/libselinux/src/libselinux.pc.in > b/libselinux/src/libselinux.pc.in > index 2cd04d38..2e90a844 100644 > --- a/libselinux/src/libselinux.pc.in > +++ b/libselinux/src/libselinux.pc.in > @@ -7,6 +7,6 @@ Name: libselinux > Description: SELinux utility library > Version: @VERSION@ > URL: http://userspace.selinuxproject.org/ > -Requires.private: libsepol libpcre > +Requires.private: libsepol @PCRE_MODULE@ > Libs: -L${libdir} -lselinux > Cflags: -I${includedir}
On Fri, Oct 13, 2017 at 03:31:39PM -0400, Stephen Smalley wrote: > We still need to revisit the value proposition of file_contexts.bin > after the move to pcre2, given the large increase in file size and the > runtime overhead. We can add -r to the sefcontext_compile args via > semanage.conf, but then I'm wondering whether it is worth having > file_contexts.bin at all. We already use -r in Fedora 27 by default. Jan Zarsky did some investigation related to file_contexts.bin [1] and according to his results, we it looks like we can simply drop file_contexts.bin completely. But there were some bugs in past which prevented Anaconda and systems based on OSTree to work when there was no such file in selinux-policy-targeted package. Therefore we need to confirm that if we drop it in Fedora it wouldn't affect them. Using this configuration in semanage.conf we can avoid creating such files without any change in the code: [sefcontext_compile] path = /bin/true [end] [1] https://janzarskyblog.wordpress.com/2017/09/06/why-we-dont-need-to-ship-file_contexts-bin-with-selinux-policy/ Petr
diff --git a/libselinux/Makefile b/libselinux/Makefile index 1ecab178..16531fe9 100644 --- a/libselinux/Makefile +++ b/libselinux/Makefile @@ -21,13 +21,14 @@ export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST USE_PCRE2 ?= n ifeq ($(USE_PCRE2),y) - PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 $(shell $(PKG_CONFIG) --cflags libpcre2-8) - PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre2-8) + PCRE_MODULE := libpcre2-8 + PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 else - PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags libpcre) - PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre) + PCRE_MODULE := libpcre endif -export PCRE_CFLAGS PCRE_LDLIBS +PCRE_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE)) +PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE)) +export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS OS := $(shell uname) export OS diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 2408faea..18df75c8 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -148,7 +148,7 @@ $(LIBSO): $(LOBJS) ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION - sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ + sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@ selinuxswig_python_exception.i: ../include/selinux/selinux.h bash -e exception.sh > $@ || (rm -f $@ ; false) diff --git a/libselinux/src/libselinux.pc.in b/libselinux/src/libselinux.pc.in index 2cd04d38..2e90a844 100644 --- a/libselinux/src/libselinux.pc.in +++ b/libselinux/src/libselinux.pc.in @@ -7,6 +7,6 @@ Name: libselinux Description: SELinux utility library Version: @VERSION@ URL: http://userspace.selinuxproject.org/ -Requires.private: libsepol libpcre +Requires.private: libsepol @PCRE_MODULE@ Libs: -L${libdir} -lselinux Cflags: -I${includedir}
When libselinux is built using USE_PCRE2 libselinux.pc needs to require libpcre2-8 instead of libpcre. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1487521 Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- libselinux/Makefile | 11 ++++++----- libselinux/src/Makefile | 2 +- libselinux/src/libselinux.pc.in | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-)