[PATCH] Port to SELinux 3.1
From: Bernhard Voelker
Subject: [PATCH] Port to SELinux 3.1
Date: Fri, 20 Nov 2020 01:12:53 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.3
* ! DISCLAIMER ! *
! I don't have a system which has SELinux enabled, nor have I ever really used SELinux.
! Therefore, I crafted the following on a best-effort basis, and tested it only on my
! system which has the selinux-devel package installed, once with the default configure
! options and once with --without-selinux.
My openSUSE:Tumbleweed updated to SELinux 3.1 a couple of weeks ago.
Since then, I see the following warnings:
  CC lib/selinux-at.o
  In file included from lib/selinux-at.c:21:
  lib/selinux-at.h:34:1: error: 'security_context_t' is deprecated [-Werror=deprecated-declarations]
     34 | int getfileconat (int dir_fd, char const *file, security_context_t *con);
        | ^~~
  ...
  CC src/selinux.o
  src/selinux.c: In function 'defaultcon':
  src/selinux.c:131:3: error: 'matchpathcon' is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
    131 | if (matchpathcon (path, mode, &scon) < 0)
        | ^~
  In file included from ./lib/selinux/selinux.h:25,
                   from src/selinux.c:20:
  /usr/include/selinux/selinux.h:500:12: note: declared here
    500 | extern int matchpathcon(const char *path,
        | ^~~~~~~~~~~~
The attached 2 patches attempt to fix this:

* [PATCH] selinux-h: add label stubs
  File 'gnulib-se-label.patch'.
  This gnulib patch creates the stubs for se-label similar to the se-context stubs.

* [PATCH] install,cp,mv,mkdir,mkfifo,mknod: port to SELinux 3.1
  File '~/gnulib-se-label/0001-install-cp-mv-mkdir-mkfifo-mknod-port-to-SELinux-3.1.patch'.
  This coreutils patch updates gnulib to latest (including the above gnulib patch),
  and replaces the deprecated matchpathcon calls.
To go past the 'public-submodule-commit' error, one has to run the tests like:
make check gl_public_submodule_commit=
Is this the right approach?
Does it work on systems having SELinux enabled?
Does it work on systems with SELinux < 3.1?
Does it work on systems with SELinux >= 3.1?
If yes, then I'd forward the gnulib patch to ... well, gnulib.
Have a nice day,
Berny
0001-install-cp-mv-mkdir-mkfifo-mknod-port-to-SELinux-3.1.patch
Description: Text Data
gnulib-se-label.patch
Description: Text Data