From 92f6cbc9c8e5024e4f73b7470f82b1f2b8e0810ad067e5bd8620cb49bc277072 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Wed, 28 May 2014 23:16:07 +0000 Subject: [PATCH] - Add upstream patches that fix build with libselinux 2.3 Added: 292d3f2d-libselinux-build-fix1.patch, b109c097-libselinux-build-fix2.patch Dropped: libselinux-build-fix.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=379 --- 292d3f2d-libselinux-build-fix1.patch | 98 ++++++++++++++++++++++++++ b109c097-libselinux-build-fix2.patch | 101 +++++++++++++++++++++++++++ libselinux-build-fix.patch | 79 --------------------- libvirt.changes | 8 +++ libvirt.spec | 6 +- 5 files changed, 211 insertions(+), 81 deletions(-) create mode 100644 292d3f2d-libselinux-build-fix1.patch create mode 100644 b109c097-libselinux-build-fix2.patch delete mode 100644 libselinux-build-fix.patch diff --git a/292d3f2d-libselinux-build-fix1.patch b/292d3f2d-libselinux-build-fix1.patch new file mode 100644 index 0000000..5e40d74 --- /dev/null +++ b/292d3f2d-libselinux-build-fix1.patch @@ -0,0 +1,98 @@ +commit 292d3f2d38e8faca075ababcb652f2e090b745b2 +Author: Cédric Bosdonnat +Date: Wed May 28 14:44:08 2014 +0200 + + build: fix build with libselinux 2.3 + + Several function signatures changed in libselinux 2.3, now taking + a 'const char *' instead of 'security_context_t'. The latter is + defined in selinux/selinux.h as + + typedef char *security_context_t; + + Signed-off-by: Eric Blake + +Index: libvirt-1.2.4/m4/virt-selinux.m4 +=================================================================== +--- libvirt-1.2.4.orig/m4/virt-selinux.m4 ++++ libvirt-1.2.4/m4/virt-selinux.m4 +@@ -1,6 +1,6 @@ + dnl The libselinux.so library + dnl +-dnl Copyright (C) 2012-2013 Red Hat, Inc. ++dnl Copyright (C) 2012-2014 Red Hat, Inc. + dnl + dnl This library is free software; you can redistribute it and/or + dnl modify it under the terms of the GNU Lesser General Public +@@ -28,6 +28,21 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ + [with_selinux_mount=check]) + + if test "$with_selinux" = "yes"; then ++ # libselinux changed signatures between 2.2 and 2.3 ++ AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[ ++#include ++int setcon(const security_context_t context); ++ ]])], ++ [gt_cv_setcon_param='security_context_t'], ++ [gt_cv_setcon_param='const char*'])]) ++ if test "$gt_cv_setcon_param" = 'const char*'; then ++ AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1, ++ [SELinux uses newer char * for security context]) ++ fi ++ + AC_MSG_CHECKING([SELinux mount point]) + if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then + if test -d /sys/fs/selinux ; then +Index: libvirt-1.2.4/tests/securityselinuxhelper.c +=================================================================== +--- libvirt-1.2.4.orig/tests/securityselinuxhelper.c ++++ libvirt-1.2.4/tests/securityselinuxhelper.c +@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_contex + return getpidcon_raw(pid, context); + } + ++#ifdef SELINUX_CTX_CHAR_PTR ++int setcon_raw(const char *context) ++#else + int setcon_raw(security_context_t context) ++#endif + { + if (!is_selinux_enabled()) { + errno = EINVAL; +@@ -165,13 +169,21 @@ int setcon_raw(security_context_t contex + return setenv("FAKE_SELINUX_CONTEXT", context, 1); + } + ++#ifdef SELINUX_CTX_CHAR_PTR ++int setcon(const char *context) ++#else + int setcon(security_context_t context) ++#endif + { + return setcon_raw(context); + } + + ++#ifdef SELINUX_CTX_CHAR_PTR ++int setfilecon_raw(const char *path, const char *con) ++#else + int setfilecon_raw(const char *path, security_context_t con) ++#endif + { + const char *constr = con; + if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) { +@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, sec + constr, strlen(constr), 0); + } + ++#ifdef SELINUX_CTX_CHAR_PTR ++int setfilecon(const char *path, const char *con) ++#else + int setfilecon(const char *path, security_context_t con) ++#endif + { + return setfilecon_raw(path, con); + } diff --git a/b109c097-libselinux-build-fix2.patch b/b109c097-libselinux-build-fix2.patch new file mode 100644 index 0000000..1e83c0a --- /dev/null +++ b/b109c097-libselinux-build-fix2.patch @@ -0,0 +1,101 @@ +commit b109c097654c4fe003e8535481191f37a35d5d7b +Author: Jim Fehlig +Date: Wed May 28 13:48:21 2014 -0600 + + maint: cleanup detection of const'ness of selinux ctx + + Commit 292d3f2d fixed the build with libselinux 2.3, but missed + some suggestions by eblake + + https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html + + This patch changes the macro introduced in 292d3f2d to either be + empty in the case of newer libselinux, or contain 'const' in the + case of older libselinux. The macro is then used directly in + tests/securityselinuxhelper.c. + +Index: libvirt-1.2.4/m4/virt-selinux.m4 +=================================================================== +--- libvirt-1.2.4.orig/m4/virt-selinux.m4 ++++ libvirt-1.2.4/m4/virt-selinux.m4 +@@ -29,19 +29,18 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ + + if test "$with_selinux" = "yes"; then + # libselinux changed signatures between 2.2 and 2.3 +- AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param], ++ AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_param], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include +-int setcon(const security_context_t context); ++int setcon(char *context); + ]])], +- [gt_cv_setcon_param='security_context_t'], +- [gt_cv_setcon_param='const char*'])]) +- if test "$gt_cv_setcon_param" = 'const char*'; then +- AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1, +- [SELinux uses newer char * for security context]) +- fi ++ [lv_cv_setcon_const=''], ++ [lv_cv_setcon_const='const'])]) ++ AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const], ++ [Define to empty or 'const' depending on how SELinux qualifies its ++ security context parameters]) + + AC_MSG_CHECKING([SELinux mount point]) + if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then +Index: libvirt-1.2.4/tests/securityselinuxhelper.c +=================================================================== +--- libvirt-1.2.4.orig/tests/securityselinuxhelper.c ++++ libvirt-1.2.4/tests/securityselinuxhelper.c +@@ -156,11 +156,7 @@ int getpidcon(pid_t pid, security_contex + return getpidcon_raw(pid, context); + } + +-#ifdef SELINUX_CTX_CHAR_PTR +-int setcon_raw(const char *context) +-#else +-int setcon_raw(security_context_t context) +-#endif ++int setcon_raw(VIR_SELINUX_CTX_CONST char *context) + { + if (!is_selinux_enabled()) { + errno = EINVAL; +@@ -169,21 +165,13 @@ int setcon_raw(security_context_t contex + return setenv("FAKE_SELINUX_CONTEXT", context, 1); + } + +-#ifdef SELINUX_CTX_CHAR_PTR +-int setcon(const char *context) +-#else +-int setcon(security_context_t context) +-#endif ++int setcon(VIR_SELINUX_CTX_CONST char *context) + { + return setcon_raw(context); + } + + +-#ifdef SELINUX_CTX_CHAR_PTR +-int setfilecon_raw(const char *path, const char *con) +-#else +-int setfilecon_raw(const char *path, security_context_t con) +-#endif ++int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con) + { + const char *constr = con; + if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) { +@@ -194,11 +182,7 @@ int setfilecon_raw(const char *path, sec + constr, strlen(constr), 0); + } + +-#ifdef SELINUX_CTX_CHAR_PTR +-int setfilecon(const char *path, const char *con) +-#else +-int setfilecon(const char *path, security_context_t con) +-#endif ++int setfilecon(const char *path, VIR_SELINUX_CTX_CONST char *con) + { + return setfilecon_raw(path, con); + } diff --git a/libselinux-build-fix.patch b/libselinux-build-fix.patch deleted file mode 100644 index df2c37c..0000000 --- a/libselinux-build-fix.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4 -index 003c2a8..d1f0347 100644 ---- a/m4/virt-selinux.m4 -+++ b/m4/virt-selinux.m4 -@@ -28,6 +28,24 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ - [with_selinux_mount=check]) - - if test "$with_selinux" = "yes"; then -+ AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param], -+ [AC_COMPILE_IFELSE( -+ [AC_LANG_PROGRAM( -+ [[ -+#include -+ -+int setcon(const security_context_t context) { -+ return 0; -+} -+ ]], -+ [[]])], -+ [gt_cv_setcon_param='security_context'], -+ [gt_cv_setcon_param='const char*'])]) -+ if test "$gt_cv_setcon_param" = 'const char*'; then -+ AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1, -+ [SELinux uses char * for security context]) -+ fi -+ - AC_MSG_CHECKING([SELinux mount point]) - if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then - if test -d /sys/fs/selinux ; then -diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c -index dbc4c29..af4fae4 100644 ---- a/tests/securityselinuxhelper.c -+++ b/tests/securityselinuxhelper.c -@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context) - return getpidcon_raw(pid, context); - } - -+#ifdef SELINUX_CTX_CHAR_PTR -+int setcon_raw(const char *context) -+#else - int setcon_raw(security_context_t context) -+#endif - { - if (!is_selinux_enabled()) { - errno = EINVAL; -@@ -165,13 +169,21 @@ int setcon_raw(security_context_t context) - return setenv("FAKE_SELINUX_CONTEXT", context, 1); - } - -+#ifdef SELINUX_CTX_CHAR_PTR -+int setcon(const char *context) -+#else - int setcon(security_context_t context) -+#endif - { - return setcon_raw(context); - } - - -+#ifdef SELINUX_CTX_CHAR_PTR -+int setfilecon_raw(const char *path, const char *con) -+#else - int setfilecon_raw(const char *path, security_context_t con) -+#endif - { - const char *constr = con; - if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) { -@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, security_context_t con) - constr, strlen(constr), 0); - } - -+#ifdef SELINUX_CTX_CHAR_PTR -+int setfilecon(const char *path, const char *con) -+#else - int setfilecon(const char *path, security_context_t con) -+#endif - { - return setfilecon_raw(path, con); - } diff --git a/libvirt.changes b/libvirt.changes index 45c1552..82952ac 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed May 28 17:13:29 MDT 2014 - jfehlig@suse.com + +- Add upstream patches that fix build with libselinux 2.3 + Added: 292d3f2d-libselinux-build-fix1.patch, + b109c097-libselinux-build-fix2.patch + Dropped: libselinux-build-fix.patch + ------------------------------------------------------------------- Wed May 28 12:42:34 UTC 2014 - cbosdonnat@suse.com diff --git a/libvirt.spec b/libvirt.spec index 499a639..dfd0ae9 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -434,12 +434,13 @@ Patch2: da744120-use-reboot-flag.patch Patch3: d6b27d3e-CVE-2014-0179.patch Patch4: fd43d1f8-libxl-iface-hostdev.patch Patch5: 99f50208-managed-hostdev-iface.patch +Patch6: 292d3f2d-libselinux-build-fix1.patch +Patch7: b109c097-libselinux-build-fix2.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: ia64-clone.patch Patch102: xen-pv-cdrom.patch Patch103: add-nocow-to-vol-xml.patch -Patch104: libselinux-build-fix.patch # pending review upstream patches Patch150: libxl-migration-support.patch # Our patches @@ -959,11 +960,12 @@ namespaces. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 -%patch104 -p1 %patch150 -p1 %patch200 -p1 %patch201 -p1