This is the mail archive of the libffi-discuss@sourceware.org mailing list for the libffi project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: libffi & fork

On 05/02/2012 09:23 PM, Anthony Green wrote:
> On Tue, May 1, 2012 at 3:56 AM, Andrew Haley <aph@redhat.com> wrote:
>>> Hmm.. check out this bug:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=772657
>>>
>>> If our selinux state detection code really is this fragile, maybe we
>>> should link against libselinux and use is_selinux_enabled() as
>>> suggested in comment 4.
>>
>> Would it not make far more sense simply to try to map the region
>> and fall back if that fails?
> 
> Wouldn't that generate spurious SELinux warnings/errors?  I'd rather
> not have that as expected behaviour.

I suppose it would.  We could ask Dan Walsh what we should do.
Detecting the presence of SELinux is incorrect because:

1.  SELinux might be configured to allow write/exec regions.

2.  SELinux might be configured to allow write/exec regions for
    Python.

3.  Some non-SELinux mechanism might disallow write/exec regions.

One more alternative would be to probe but only at install time.
That's still wrong because someone could change SELinux settings.

Andrew.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]