- Add upstream patches that fix build with libselinux 2.3

Added: 292d3f2d-libselinux-build-fix1.patch,
         b109c097-libselinux-build-fix2.patch
  Dropped: libselinux-build-fix.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=379
This commit is contained in:
James Fehlig 2014-05-28 23:16:07 +00:00 committed by Git OBS Bridge
parent 40ebd7b517
commit 92f6cbc9c8
5 changed files with 211 additions and 81 deletions

View File

@ -0,0 +1,98 @@
commit 292d3f2d38e8faca075ababcb652f2e090b745b2
Author: Cédric Bosdonnat <cbosdonnat@suse.com>
Date: Wed May 28 14:44:08 2014 +0200
build: fix build with libselinux 2.3
Several function signatures changed in libselinux 2.3, now taking
a 'const char *' instead of 'security_context_t'. The latter is
defined in selinux/selinux.h as
typedef char *security_context_t;
Signed-off-by: Eric Blake <eblake@redhat.com>
Index: libvirt-1.2.4/m4/virt-selinux.m4
===================================================================
--- libvirt-1.2.4.orig/m4/virt-selinux.m4
+++ libvirt-1.2.4/m4/virt-selinux.m4
@@ -1,6 +1,6 @@
dnl The libselinux.so library
dnl
-dnl Copyright (C) 2012-2013 Red Hat, Inc.
+dnl Copyright (C) 2012-2014 Red Hat, Inc.
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
@@ -28,6 +28,21 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
[with_selinux_mount=check])
if test "$with_selinux" = "yes"; then
+ # libselinux changed signatures between 2.2 and 2.3
+ AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+#include <selinux/selinux.h>
+int setcon(const security_context_t context);
+ ]])],
+ [gt_cv_setcon_param='security_context_t'],
+ [gt_cv_setcon_param='const char*'])])
+ if test "$gt_cv_setcon_param" = 'const char*'; then
+ AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
+ [SELinux uses newer char * for security context])
+ fi
+
AC_MSG_CHECKING([SELinux mount point])
if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
if test -d /sys/fs/selinux ; then
Index: libvirt-1.2.4/tests/securityselinuxhelper.c
===================================================================
--- libvirt-1.2.4.orig/tests/securityselinuxhelper.c
+++ libvirt-1.2.4/tests/securityselinuxhelper.c
@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_contex
return getpidcon_raw(pid, context);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon_raw(const char *context)
+#else
int setcon_raw(security_context_t context)
+#endif
{
if (!is_selinux_enabled()) {
errno = EINVAL;
@@ -165,13 +169,21 @@ int setcon_raw(security_context_t contex
return setenv("FAKE_SELINUX_CONTEXT", context, 1);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon(const char *context)
+#else
int setcon(security_context_t context)
+#endif
{
return setcon_raw(context);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon_raw(const char *path, const char *con)
+#else
int setfilecon_raw(const char *path, security_context_t con)
+#endif
{
const char *constr = con;
if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, sec
constr, strlen(constr), 0);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon(const char *path, const char *con)
+#else
int setfilecon(const char *path, security_context_t con)
+#endif
{
return setfilecon_raw(path, con);
}

View File

@ -0,0 +1,101 @@
commit b109c097654c4fe003e8535481191f37a35d5d7b
Author: Jim Fehlig <jfehlig@suse.com>
Date: Wed May 28 13:48:21 2014 -0600
maint: cleanup detection of const'ness of selinux ctx
Commit 292d3f2d fixed the build with libselinux 2.3, but missed
some suggestions by eblake
https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html
This patch changes the macro introduced in 292d3f2d to either be
empty in the case of newer libselinux, or contain 'const' in the
case of older libselinux. The macro is then used directly in
tests/securityselinuxhelper.c.
Index: libvirt-1.2.4/m4/virt-selinux.m4
===================================================================
--- libvirt-1.2.4.orig/m4/virt-selinux.m4
+++ libvirt-1.2.4/m4/virt-selinux.m4
@@ -29,19 +29,18 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
if test "$with_selinux" = "yes"; then
# libselinux changed signatures between 2.2 and 2.3
- AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
+ AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_param],
[AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <selinux/selinux.h>
-int setcon(const security_context_t context);
+int setcon(char *context);
]])],
- [gt_cv_setcon_param='security_context_t'],
- [gt_cv_setcon_param='const char*'])])
- if test "$gt_cv_setcon_param" = 'const char*'; then
- AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
- [SELinux uses newer char * for security context])
- fi
+ [lv_cv_setcon_const=''],
+ [lv_cv_setcon_const='const'])])
+ AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const],
+ [Define to empty or 'const' depending on how SELinux qualifies its
+ security context parameters])
AC_MSG_CHECKING([SELinux mount point])
if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
Index: libvirt-1.2.4/tests/securityselinuxhelper.c
===================================================================
--- libvirt-1.2.4.orig/tests/securityselinuxhelper.c
+++ libvirt-1.2.4/tests/securityselinuxhelper.c
@@ -156,11 +156,7 @@ int getpidcon(pid_t pid, security_contex
return getpidcon_raw(pid, context);
}
-#ifdef SELINUX_CTX_CHAR_PTR
-int setcon_raw(const char *context)
-#else
-int setcon_raw(security_context_t context)
-#endif
+int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
{
if (!is_selinux_enabled()) {
errno = EINVAL;
@@ -169,21 +165,13 @@ int setcon_raw(security_context_t contex
return setenv("FAKE_SELINUX_CONTEXT", context, 1);
}
-#ifdef SELINUX_CTX_CHAR_PTR
-int setcon(const char *context)
-#else
-int setcon(security_context_t context)
-#endif
+int setcon(VIR_SELINUX_CTX_CONST char *context)
{
return setcon_raw(context);
}
-#ifdef SELINUX_CTX_CHAR_PTR
-int setfilecon_raw(const char *path, const char *con)
-#else
-int setfilecon_raw(const char *path, security_context_t con)
-#endif
+int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con)
{
const char *constr = con;
if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
@@ -194,11 +182,7 @@ int setfilecon_raw(const char *path, sec
constr, strlen(constr), 0);
}
-#ifdef SELINUX_CTX_CHAR_PTR
-int setfilecon(const char *path, const char *con)
-#else
-int setfilecon(const char *path, security_context_t con)
-#endif
+int setfilecon(const char *path, VIR_SELINUX_CTX_CONST char *con)
{
return setfilecon_raw(path, con);
}

View File

@ -1,79 +0,0 @@
diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
index 003c2a8..d1f0347 100644
--- a/m4/virt-selinux.m4
+++ b/m4/virt-selinux.m4
@@ -28,6 +28,24 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
[with_selinux_mount=check])
if test "$with_selinux" = "yes"; then
+ AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+#include <selinux/selinux.h>
+
+int setcon(const security_context_t context) {
+ return 0;
+}
+ ]],
+ [[]])],
+ [gt_cv_setcon_param='security_context'],
+ [gt_cv_setcon_param='const char*'])])
+ if test "$gt_cv_setcon_param" = 'const char*'; then
+ AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
+ [SELinux uses char * for security context])
+ fi
+
AC_MSG_CHECKING([SELinux mount point])
if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
if test -d /sys/fs/selinux ; then
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index dbc4c29..af4fae4 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context)
return getpidcon_raw(pid, context);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon_raw(const char *context)
+#else
int setcon_raw(security_context_t context)
+#endif
{
if (!is_selinux_enabled()) {
errno = EINVAL;
@@ -165,13 +169,21 @@ int setcon_raw(security_context_t context)
return setenv("FAKE_SELINUX_CONTEXT", context, 1);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon(const char *context)
+#else
int setcon(security_context_t context)
+#endif
{
return setcon_raw(context);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon_raw(const char *path, const char *con)
+#else
int setfilecon_raw(const char *path, security_context_t con)
+#endif
{
const char *constr = con;
if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, security_context_t con)
constr, strlen(constr), 0);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon(const char *path, const char *con)
+#else
int setfilecon(const char *path, security_context_t con)
+#endif
{
return setfilecon_raw(path, con);
}

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed May 28 17:13:29 MDT 2014 - jfehlig@suse.com
- Add upstream patches that fix build with libselinux 2.3
Added: 292d3f2d-libselinux-build-fix1.patch,
b109c097-libselinux-build-fix2.patch
Dropped: libselinux-build-fix.patch
-------------------------------------------------------------------
Wed May 28 12:42:34 UTC 2014 - cbosdonnat@suse.com

View File

@ -434,12 +434,13 @@ Patch2: da744120-use-reboot-flag.patch
Patch3: d6b27d3e-CVE-2014-0179.patch
Patch4: fd43d1f8-libxl-iface-hostdev.patch
Patch5: 99f50208-managed-hostdev-iface.patch
Patch6: 292d3f2d-libselinux-build-fix1.patch
Patch7: b109c097-libselinux-build-fix2.patch
# Need to go upstream
Patch100: xen-name-for-devid.patch
Patch101: ia64-clone.patch
Patch102: xen-pv-cdrom.patch
Patch103: add-nocow-to-vol-xml.patch
Patch104: libselinux-build-fix.patch
# pending review upstream patches
Patch150: libxl-migration-support.patch
# Our patches
@ -959,11 +960,12 @@ namespaces.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch150 -p1
%patch200 -p1
%patch201 -p1