This is the mail archive of the
libffi-discuss@sourceware.org
mailing list for the libffi project.
Re: libffi & fork
On 05/02/2012 09:23 PM, Anthony Green wrote:
> On Tue, May 1, 2012 at 3:56 AM, Andrew Haley <aph@redhat.com> wrote:
>>> Hmm.. check out this bug:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=772657
>>>
>>> If our selinux state detection code really is this fragile, maybe we
>>> should link against libselinux and use is_selinux_enabled() as
>>> suggested in comment 4.
>>
>> Would it not make far more sense simply to try to map the region
>> and fall back if that fails?
>
> Wouldn't that generate spurious SELinux warnings/errors? I'd rather
> not have that as expected behaviour.
I suppose it would. We could ask Dan Walsh what we should do.
Detecting the presence of SELinux is incorrect because:
1. SELinux might be configured to allow write/exec regions.
2. SELinux might be configured to allow write/exec regions for
Python.
3. Some non-SELinux mechanism might disallow write/exec regions.
One more alternative would be to probe but only at install time.
That's still wrong because someone could change SELinux settings.
Andrew.