2022-01-19 20:03:53 +00:00
|
|
|
From b8f375c2c8140e759122bca3e3469386d3ba5184 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: "Dmitry V. Levin" <ldv@strace.io>
|
|
|
|
|
Date: Mon, 29 Nov 2021 08:00:00 +0000
|
|
|
|
|
Subject: [PATCH 168/174] m4: fix st_SELINUX check
|
|
|
|
|
|
|
|
|
|
* m4/st_selinux.m4: Make sure selinux support is enabled only if
|
|
|
|
|
all expected functions are provided by libselinux.
|
|
|
|
|
|
|
|
|
|
Fixes: v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
|
|
|
|
|
---
|
|
|
|
|
m4/st_selinux.m4 | 36 ++++++++++++++++--------------------
|
|
|
|
|
1 file changed, 16 insertions(+), 20 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/m4/st_selinux.m4 b/m4/st_selinux.m4
|
|
|
|
|
index da72a48..7b24eba 100644
|
|
|
|
|
--- a/m4/st_selinux.m4
|
|
|
|
|
+++ b/m4/st_selinux.m4
|
|
|
|
|
@@ -34,29 +34,25 @@ AS_IF([test "x$with_libselinux" != xno],
|
|
|
|
|
AS_IF([test "x$found_selinux_h" = xyes],
|
|
|
|
|
[saved_LDFLAGS="$LDFLAGS"
|
|
|
|
|
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
|
|
|
|
|
- AC_CHECK_LIB([selinux],[getpidcon],
|
|
|
|
|
- [libselinux_LIBS="-lselinux"
|
|
|
|
|
- enable_secontext=yes
|
|
|
|
|
- ],
|
|
|
|
|
- [if test "x$with_libselinux" != xcheck; then
|
|
|
|
|
- AC_MSG_FAILURE([failed to find getpidcon in libselinux])
|
|
|
|
|
- fi
|
|
|
|
|
- ]
|
|
|
|
|
- )
|
|
|
|
|
- AC_CHECK_LIB([selinux],[getfilecon],
|
|
|
|
|
- [libselinux_LIBS="-lselinux"
|
|
|
|
|
- enable_secontext=yes
|
|
|
|
|
- ],
|
|
|
|
|
- [if test "x$with_libselinux" != xcheck; then
|
|
|
|
|
- AC_MSG_FAILURE([failed to find getfilecon in libselinux])
|
|
|
|
|
- fi
|
|
|
|
|
- ]
|
|
|
|
|
+ missing=
|
|
|
|
|
+ for func in getpidcon getfilecon; do
|
|
|
|
|
+ AC_CHECK_LIB([selinux], [$func], [:],
|
|
|
|
|
+ [missing="$missing $func"])
|
|
|
|
|
+ done
|
|
|
|
|
+ AS_IF([test "x$missing" = x],
|
|
|
|
|
+ [libselinux_LIBS="-lselinux"
|
|
|
|
|
+ enable_secontext=yes
|
|
|
|
|
+ ],
|
|
|
|
|
+ [AS_IF([test "x$with_libselinux" != xcheck],
|
|
|
|
|
+ [AC_MSG_FAILURE([failed to find in libselinux:$missing])]
|
|
|
|
|
+ )
|
|
|
|
|
+ ]
|
|
|
|
|
)
|
|
|
|
|
LDFLAGS="$saved_LDFLAGS"
|
|
|
|
|
],
|
|
|
|
|
- [if test "x$with_libselinux" != xcheck; then
|
|
|
|
|
- AC_MSG_FAILURE([failed to find selinux.h])
|
|
|
|
|
- fi
|
|
|
|
|
+ [AS_IF([test "x$with_libselinux" != xcheck],
|
|
|
|
|
+ [AC_MSG_FAILURE([failed to find selinux.h])]
|
|
|
|
|
+ )
|
|
|
|
|
]
|
|
|
|
|
)
|
|
|
|
|
]
|
Add missing generated/m32/mx32 chunks for --secontext=mismatch option support
* 0168-m4-fix-st_SELINUX-check.patch: Add missing configure changes.
* 0169-Implement-displaying-of-expected-context-upon-mismat.patch: Add
missing tests-m32/gen_tests.in, tests-m32/linkat.c,
tests-m32/options-syntax.test, tests-m32/secontext.c,
tests-m32/secontext.h, tests-mx32/gen_tests.in, tests-mx32/linkat.c,
tests-mx32/options-syntax.test, tests-mx32/secontext.c,
tests-mx32/secontext.h, tests/Makefile.in, tests-m32/Makefile.in,
tests-mx32/Makefile.in, and configure changes, as well as all
tests*/_mismatch.c files.
* 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch: Add
missing tests-m32/linkat.c and tests-mx32/linkat.c changes.
* 0171-tests-secontext-add-secontext-field-getters.patch: Add missing
tests-m32/secontext.c, tests-m32/secontext.h, tests-mx32/secontext.c,
and tests-mx32/secontext.h changes.
* 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch: Add
missing tests-m32/linkat.c and tests-mx32/linkat.c changes.
* 0173-tests-secontext-eliminate-separate-secontext_format-.patch: Add
missing tests-m32/secontext.c and tests-mx32/secontext.c changes.
* 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch: Add
missing tests-m32/linkat.c, tests-m32/secontext.c,
tests-m32/secontext.h, tests-mx32/linkat.c, tests-mx32/secontext.c,
and tests-mx32/secontext.h changes.
* strace.spec (Release): Bump to 7.
(%changelog): Mention the change.
Resolves: #2046264
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2022-02-07 20:18:59 +00:00
|
|
|
--- old/configure 2022-02-07 20:17:58.364068436 +0100
|
|
|
|
|
+++ new/configure 2022-02-07 20:19:17.092067347 +0100
|
|
|
|
|
@@ -18437,9 +18437,12 @@
|
|
|
|
|
if test "x$found_selinux_h" = xyes; then :
|
|
|
|
|
saved_LDFLAGS="$LDFLAGS"
|
|
|
|
|
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
|
|
|
|
|
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpidcon in -lselinux" >&5
|
|
|
|
|
-$as_echo_n "checking for getpidcon in -lselinux... " >&6; }
|
|
|
|
|
-if ${ac_cv_lib_selinux_getpidcon+:} false; then :
|
|
|
|
|
+ missing=
|
|
|
|
|
+ for func in getpidcon getfilecon; do
|
|
|
|
|
+ as_ac_Lib=`$as_echo "ac_cv_lib_selinux_$func" | $as_tr_sh`
|
|
|
|
|
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $func in -lselinux" >&5
|
|
|
|
|
+$as_echo_n "checking for $func in -lselinux... " >&6; }
|
|
|
|
|
+if eval \${$as_ac_Lib+:} false; then :
|
|
|
|
|
$as_echo_n "(cached) " >&6
|
|
|
|
|
else
|
|
|
|
|
ac_check_lib_save_LIBS=$LIBS
|
|
|
|
|
@@ -18453,101 +18456,59 @@
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C"
|
|
|
|
|
#endif
|
|
|
|
|
-char getpidcon ();
|
|
|
|
|
+char $func ();
|
|
|
|
|
int
|
|
|
|
|
main ()
|
|
|
|
|
{
|
|
|
|
|
-return getpidcon ();
|
|
|
|
|
+return $func ();
|
|
|
|
|
;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
_ACEOF
|
|
|
|
|
if ac_fn_c_try_link "$LINENO"; then :
|
|
|
|
|
- ac_cv_lib_selinux_getpidcon=yes
|
|
|
|
|
+ eval "$as_ac_Lib=yes"
|
|
|
|
|
else
|
|
|
|
|
- ac_cv_lib_selinux_getpidcon=no
|
|
|
|
|
+ eval "$as_ac_Lib=no"
|
|
|
|
|
fi
|
|
|
|
|
rm -f core conftest.err conftest.$ac_objext \
|
|
|
|
|
conftest$ac_exeext conftest.$ac_ext
|
|
|
|
|
LIBS=$ac_check_lib_save_LIBS
|
|
|
|
|
fi
|
|
|
|
|
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getpidcon" >&5
|
|
|
|
|
-$as_echo "$ac_cv_lib_selinux_getpidcon" >&6; }
|
|
|
|
|
-if test "x$ac_cv_lib_selinux_getpidcon" = xyes; then :
|
|
|
|
|
- libselinux_LIBS="-lselinux"
|
|
|
|
|
- enable_secontext=yes
|
|
|
|
|
-
|
|
|
|
|
+eval ac_res=\$$as_ac_Lib
|
|
|
|
|
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
|
|
|
|
|
+$as_echo "$ac_res" >&6; }
|
|
|
|
|
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
|
|
|
|
|
+ :
|
|
|
|
|
else
|
|
|
|
|
- if test "x$with_libselinux" != xcheck; then
|
|
|
|
|
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
|
|
|
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|
|
|
|
-as_fn_error $? "failed to find getpidcon in libselinux
|
|
|
|
|
-See \`config.log' for more details" "$LINENO" 5; }
|
|
|
|
|
- fi
|
|
|
|
|
-
|
|
|
|
|
-
|
|
|
|
|
+ missing="$missing $func"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getfilecon in -lselinux" >&5
|
|
|
|
|
-$as_echo_n "checking for getfilecon in -lselinux... " >&6; }
|
|
|
|
|
-if ${ac_cv_lib_selinux_getfilecon+:} false; then :
|
|
|
|
|
- $as_echo_n "(cached) " >&6
|
|
|
|
|
-else
|
|
|
|
|
- ac_check_lib_save_LIBS=$LIBS
|
|
|
|
|
-LIBS="-lselinux $LIBS"
|
|
|
|
|
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
|
|
|
-/* end confdefs.h. */
|
|
|
|
|
-
|
|
|
|
|
-/* Override any GCC internal prototype to avoid an error.
|
|
|
|
|
- Use char because int might match the return type of a GCC
|
|
|
|
|
- builtin and then its argument prototype would still apply. */
|
|
|
|
|
-#ifdef __cplusplus
|
|
|
|
|
-extern "C"
|
|
|
|
|
-#endif
|
|
|
|
|
-char getfilecon ();
|
|
|
|
|
-int
|
|
|
|
|
-main ()
|
|
|
|
|
-{
|
|
|
|
|
-return getfilecon ();
|
|
|
|
|
- ;
|
|
|
|
|
- return 0;
|
|
|
|
|
-}
|
|
|
|
|
-_ACEOF
|
|
|
|
|
-if ac_fn_c_try_link "$LINENO"; then :
|
|
|
|
|
- ac_cv_lib_selinux_getfilecon=yes
|
|
|
|
|
-else
|
|
|
|
|
- ac_cv_lib_selinux_getfilecon=no
|
|
|
|
|
-fi
|
|
|
|
|
-rm -f core conftest.err conftest.$ac_objext \
|
|
|
|
|
- conftest$ac_exeext conftest.$ac_ext
|
|
|
|
|
-LIBS=$ac_check_lib_save_LIBS
|
|
|
|
|
-fi
|
|
|
|
|
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getfilecon" >&5
|
|
|
|
|
-$as_echo "$ac_cv_lib_selinux_getfilecon" >&6; }
|
|
|
|
|
-if test "x$ac_cv_lib_selinux_getfilecon" = xyes; then :
|
|
|
|
|
+ done
|
|
|
|
|
+ if test "x$missing" = x; then :
|
|
|
|
|
libselinux_LIBS="-lselinux"
|
|
|
|
|
- enable_secontext=yes
|
|
|
|
|
+ enable_secontext=yes
|
|
|
|
|
|
|
|
|
|
else
|
|
|
|
|
- if test "x$with_libselinux" != xcheck; then
|
|
|
|
|
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
|
|
|
+ if test "x$with_libselinux" != xcheck; then :
|
|
|
|
|
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
|
|
|
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|
|
|
|
-as_fn_error $? "failed to find getfilecon in libselinux
|
|
|
|
|
+as_fn_error $? "failed to find in libselinux:$missing
|
|
|
|
|
See \`config.log' for more details" "$LINENO" 5; }
|
|
|
|
|
- fi
|
|
|
|
|
-
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
+
|
|
|
|
|
+fi
|
|
|
|
|
LDFLAGS="$saved_LDFLAGS"
|
|
|
|
|
|
|
|
|
|
else
|
|
|
|
|
- if test "x$with_libselinux" != xcheck; then
|
|
|
|
|
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
|
|
|
+ if test "x$with_libselinux" != xcheck; then :
|
|
|
|
|
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
|
|
|
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|
|
|
|
as_fn_error $? "failed to find selinux.h
|
|
|
|
|
See \`config.log' for more details" "$LINENO" 5; }
|
|
|
|
|
- fi
|
|
|
|
|
+
|
|
|
|
|
+fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
fi
|
2022-01-19 20:03:53 +00:00
|
|
|
--
|
|
|
|
|
2.1.4
|
|
|
|
|
|