[libvirt] [PATCH v2] build: fix build with libselinux 2.3
Eric Blake
eblake at redhat.com
Wed May 28 17:38:21 UTC 2014
On 05/28/2014 06:44 AM, Cédric Bosdonnat wrote:
> Several function signatures changed in libselinux 2.3, now taking
> a 'const char *' instead of 'security_context_t'. The latter is
> defined in selinux/selinux.h as
>
> typedef char *security_context_t;
> ---
> m4/virt-selinux.m4 | 18 ++++++++++++++++++
> tests/securityselinuxhelper.c | 16 ++++++++++++++++
> 2 files changed, 34 insertions(+)
>
> diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
> index 003c2a8..c299793 100644
> --- a/m4/virt-selinux.m4
> +++ b/m4/virt-selinux.m4
> @@ -28,6 +28,24 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
> [with_selinux_mount=check])
>
> if test "$with_selinux" = "yes"; then
> + AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
> + [AC_COMPILE_IFELSE(
> + [AC_LANG_PROGRAM(
> + [[
> +#include <selinux/selinux.h>
> +
> +int setcon(const security_context_t context) {
So this tests if we are compatible with the old signature...
> + return 0;
> +}
> + ]],
> + [[]])],
> + [gt_cv_setcon_param='security_context'],
...if so, we set the param to one value,...
Typo - there is no 'security_context'.
> + [gt_cv_setcon_param='const char*'])])
...if not, we assume const char* works instead. I wonder if it ias
better to check for the new signature, and if it fails assume the old;
but unless a third signature ever appears in the future, it probably
doesn't matter.
> + if test "$gt_cv_setcon_param" = 'const char*'; then
> + AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
> + [SELinux uses char * for security context])
I'll still like to try and do a slicker macro that is either '' or
'const', because then...
> + fi
> +
> AC_MSG_CHECKING([SELinux mount point])
> if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
> if test -d /sys/fs/selinux ; then
> diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
> index dbc4c29..af4fae4 100644
> --- a/tests/securityselinuxhelper.c
> +++ b/tests/securityselinuxhelper.c
> @@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context)
> return getpidcon_raw(pid, context);
> }
>
> +#ifdef SELINUX_CTX_CHAR_PTR
> +int setcon_raw(const char *context)
> +#else
> int setcon_raw(security_context_t context)
> +#endif
...here you would just need:
int setcon_raw(POSSIBLY_CONST char *context)
instead of #ifdefs.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140528/72d5a156/attachment-0001.sig>
More information about the libvir-list
mailing list