[PATCH] Port to SELinux 3.1


From: Bernhard Voelker
Subject: [PATCH] Port to SELinux 3.1
Date: Fri, 20 Nov 2020 01:12:53 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.3

* ! DISCLAIMER ! *
  ! I don't have a system which has SELinux enabled, nor have I ever really used SELinux.
  ! Therefore, I crafted the following on a best-effort basis, and tested it only on my
  ! system which has the selinux-devel package installed, once with the default configure
  ! options and once with --without-selinux.

My openSUSE:Tumbleweed updated to SELinux 3.1 a couple of weeks ago.
Since then, I see the following warnings:

    CC       lib/selinux-at.o
  In file included from lib/selinux-at.c:21:
  lib/selinux-at.h:34:1: error: 'security_context_t' is deprecated [-Werror=deprecated-declarations]
     34 | int  getfileconat (int dir_fd, char const *file, security_context_t *con);
        | ^~~

  ...

    CC       src/selinux.o
  src/selinux.c: In function 'defaultcon':
  src/selinux.c:131:3: error: 'matchpathcon' is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
    131 |   if (matchpathcon (path, mode, &scon) < 0)
        |   ^~
  In file included from ./lib/selinux/selinux.h:25,
                   from src/selinux.c:20:
  /usr/include/selinux/selinux.h:500:12: note: declared here
    500 | extern int matchpathcon(const char *path,
        |            ^~~~~~~~~~~~

The attached 2 patches attempt to fix this:

* [PATCH] selinux-h: add label stubs
  File 'gnulib-se-label.patch'.
  This gnulib patch creates the stubs for se-label similar to the se-context stubs.

* [PATCH] install,cp,mv,mkdir,mkfifo,mknod: port to SELinux 3.1
  File '~/gnulib-se-label/0001-install-cp-mv-mkdir-mkfifo-mknod-port-to-SELinux-3.1.patch'.
  This coreutils patch updates gnulib to latest (including the above gnulib patch),
  and replaces the deprecated matchpathcon calls.

To go past the 'public-submodule-commit' error, one has to run the tests like:
  make check gl_public_submodule_commit=

Is this the right approach?
Does it work on systems having SELinux enabled?
Does it work on systems with SELinux < 3.1?
Does it work on systems with SELinux >= 3.1?
If yes, then I'd forward the gnulib patch to ... well, gnulib.

Have a nice day,
Berny

Attachment: 0001-install-cp-mv-mkdir-mkfifo-mknod-port-to-SELinux-3.1.patch
Description: Text Data

Attachment: gnulib-se-label.patch
Description: Text Data

