Skip to content

Switch libselinux to runtime optional via dlopen#4441

Open
bluca wants to merge 1 commit into
util-linux:masterfrom
bluca:dlopen_selinux
Open

Switch libselinux to runtime optional via dlopen#4441
bluca wants to merge 1 commit into
util-linux:masterfrom
bluca:dlopen_selinux

Conversation

@bluca

@bluca bluca commented Jun 23, 2026

Copy link
Copy Markdown
Member

libselinux is built in most distros, but it is seldomly needed at runtime (e.g.: it is not used by default on Debian/Ubuntu). In order to allow building small images from the same packages, switch it to runtime optional by using dlopen(), and gracefully fallback if the library is not found.

If libsystemd headers are available at build time stamp the ELF binaries using the ELF dlopen metadata format as defined by: https://uapi-group.org/specifications/specs/elf_dlopen_metadata/ so that packaging tools for rpm/deb can automatically derive dependencies for it.

The implementation follows the same pattern already used for libcryptsetup for consistency.

libselinux is built in most distros, but it is seldomly needed at
runtime (e.g.: it is not used by default on Debian/Ubuntu). In order to
allow building small images from the same packages, switch it to
runtime optional by using dlopen(), and gracefully fallback if the
library is not found.

If libsystemd headers are available at build time stamp the ELF
binaries using the ELF dlopen metadata format as defined by:
https://uapi-group.org/specifications/specs/elf_dlopen_metadata/
so that packaging tools for rpm/deb can automatically derive
dependencies for it.

The implementation follows the same pattern already used for
libcryptsetup for consistency.
@bluca

bluca commented Jun 25, 2026

Copy link
Copy Markdown
Member Author

Currently libselinux is mandatory for systemd (as in pid1) because of dependency chain through libmount. By making it dlopen-optional, the chain is broken, and systemd can run with only libmount and glibc, and no other mandatory dependency, even for fully-featured builds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant