[patch] optional -lsepol

Tue Jun 5 22:53:00 UTC 2007

On Tuesday 05 June 2007 11:12, Bernhard Fischer wrote:
> On Tue, Jun 05, 2007 at 04:08:26PM +0900, Yuichi Nakamura wrote:
> >Hi.
> >
> >If you configured ENABLE_SELINUX, and enabled SELinux applets,  libsepol is linked.
> >However, current SELinux applets do not use libsepol.
> >In addition, size of libsepol is big, so it is better not to link it by default.
> >I prepared CONFIG_SELINUX_SEPOL(by default n).
> >When it is enabled, libsepol is linked.
> >
> >Please see attached file.

 ifeq ($(CONFIG_SELINUX),y)
-LDLIBS += -lselinux -lsepol
+LDLIBS += -lselinux
 endif

+ifeq ($(CONFIG_SELINUX_SEPOL),y)
+LDLIBS += -lsepol
+endif

This will work, yes. But ideally I want a system which
links in -lsepol only if otherwise link fails.

See how trylink script does it for libm and libcrypt.
Ugly hack, but needs no build magic and avoids situations when
CONFIG_LIBM etc are set needlessly.

> Perhaps it would be better to flag sepol --as-needed
> 
> We currently would need to flag some debugging libraries add-needed
> (dmalloc, efence et al). Then we could add optional libs as-needed or
> provide means to trylink which only pulls in OPTIONAL_LIBS if they
> satisfy unresolved syms.

Doesn't seem to do what we want. This is allnoconfig busybox:

# ldd busybox
        linux-gate.so.1 =>  (0xffffe000)
        libc.so.6 => /lib/libc.so.6 (0xf7e01000)
        /lib/ld-linux.so.2 (0xf7efe000)

Below one is linked with trylink script hacked to unconditionally use
--as-needed -Wl,--start-group -lcrypt -lm -Wl,--end-group:

# ldd busybox--as-needed
        linux-gate.so.1 =>  (0xffffe000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0xf7fa6000)
        libm.so.6 => /lib/libm.so.6 (0xf7f84000)
        libc.so.6 => /lib/libc.so.6 (0xf7e95000)
        /lib/ld-linux.so.2 (0xf7fe1000)

See? It is linked to libm and libcrypt now! :(
--
vda