[apparmor] [patch] libapparmor: aa_query_label symbol versioning

Steve Beattie steve at nxnw.org
Sat Mar 1 17:25:33 UTC 2014

On Sat, Mar 01, 2014 at 04:41:51AM -0800, John Johansen wrote:
> On 02/28/2014 01:46 PM, Steve Beattie wrote:
> > A slightly more invasive but conservative solution is to provide both
> > versions (APPARMOR_1.1 and APPARMOR_3.0) of the aa_query_label()
> > symbol. It requires the function name in kernel_interface.c to
> > be renamed (similar to how the deprecated change_hat() symbol is
> > named in the source as __change_hat()), otherwise linking fails
> > with duplicated symbols. The default symbol used will still be the
> > APPARMOR_3.0 version, but binaries linked with the APPARMOR_1.1 version
> > would still continue to work unchanged. Keeping the (misleading)
> > APPARMOR_3.0 version would prevent breaking anyone currently using
> > a snapshot of trunk. This is the second patch attached.
> > 
> So in general I like this, I question keeping the symbol version at
> APPARMOR_3.0, as we your other patch added a place holder 2.9
> which would seem to be the right place for it
> Also does the aa_query_label for the both versions have to be
> present in the map? The patch only adds it for 1.1

Yes, it needs to be in both sections. The second patch adds it only
for APPARMOR_1.1, because it's already in the map file under the
APPARMOR_3.0 section.

I'm on the fence about changing the symbol to APPARMOR_2.9: on
the one hand I'd prefer it because it more accurately reflects the
release that will introduce the new symbol; on the other, the risk
of breaking someone who's been using a snapshot of trunk -- though,
it must be said that they would only break if they were using the
aa_query_label symbol, which isn't likely, since it's the patch to
dbus that is the sole consumer that I'm aware of. So changing to
APPARMOR_2.9 is almost assuredly safe.

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140301/325ade21/attachment.pgp>

More information about the AppArmor mailing list