[patch #4848] Patch - Support for SELinux

[James Youngman]

Follow-up Comment #3, patch #4848 (project findutils):

OK, the patch is a viable start - thanks for contributing it - but there are
a number of problems:

* It does not update the Texinfo documentation at all!

* It makes --version emit SELINUX even if that feature is not availble.  This
is especially a problem because now there is presumably a significant
installed base of RH-related machines that give misleading information.  Since
the gnulib implementation is a stub even if the compiled program is then run
on a SELinux-enabled system, this is an unfortunate bug.  If a binary RPM
package made with this patch has never been built on a machine lacking the
selinux development libraries, this may be a bug without impact though.  

* The costlookup[] initialisation sets pred_context to NeedsNothing, which
will presumably lead the optimiser to prefer it to much cheaper tests (for
example -type).  I would guess that NeedsAccessInfo is probably approximately
the right cost (though I have not looked at the SELinux implementation).

* parse_context leaves pred->est_success_rate at 1.0, which is on average an
overestimate.

There are also some minor issues which are just not a big deal (not patching
the NEWS or ChangeLog files, spurious introduction of pred->args.scontext).

Fortunately these problems only affect users who actually make use of
-context (or look for SELINUX in the --version output).

I would be happy to apply an updated version of this patch if you'd care to
make one.



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/patch/?4848>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/