- Add upstream patches that fix build with libselinux 2.3

Added: 292d3f2d-libselinux-build-fix1.patch,
         b109c097-libselinux-build-fix2.patch
  Dropped: libselinux-build-fix.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=379

292d3f2d-libselinux-build-fix1.patch

@@ -0,0 +1,98 @@
+commit 292d3f2d38e8faca075ababcb652f2e090b745b2
+Author: Cédric Bosdonnat <cbosdonnat@suse.com>
+Date:   Wed May 28 14:44:08 2014 +0200
+
+    build: fix build with libselinux 2.3
+    
+    Several function signatures changed in libselinux 2.3, now taking
+    a 'const char *' instead of 'security_context_t'.  The latter is
+    defined in selinux/selinux.h as
+    
+      typedef char *security_context_t;
+    
+    Signed-off-by: Eric Blake <eblake@redhat.com>
+
+Index: libvirt-1.2.4/m4/virt-selinux.m4
+===================================================================
+--- libvirt-1.2.4.orig/m4/virt-selinux.m4
++++ libvirt-1.2.4/m4/virt-selinux.m4
+@@ -1,6 +1,6 @@
+ dnl The libselinux.so library
+ dnl
+-dnl Copyright (C) 2012-2013 Red Hat, Inc.
++dnl Copyright (C) 2012-2014 Red Hat, Inc.
+ dnl
+ dnl This library is free software; you can redistribute it and/or
+ dnl modify it under the terms of the GNU Lesser General Public
+@@ -28,6 +28,21 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
+     [with_selinux_mount=check])
+ 
+   if test "$with_selinux" = "yes"; then
++    # libselinux changed signatures between 2.2 and 2.3
++    AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
++    [AC_COMPILE_IFELSE(
++      [AC_LANG_PROGRAM(
++         [[
++#include <selinux/selinux.h>
++int setcon(const security_context_t context);
++         ]])],
++         [gt_cv_setcon_param='security_context_t'],
++         [gt_cv_setcon_param='const char*'])])
++    if test "$gt_cv_setcon_param" = 'const char*'; then
++       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
++                          [SELinux uses newer char * for security context])
++    fi
++
+     AC_MSG_CHECKING([SELinux mount point])
+     if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
+       if test -d /sys/fs/selinux ; then
+Index: libvirt-1.2.4/tests/securityselinuxhelper.c
+===================================================================
+--- libvirt-1.2.4.orig/tests/securityselinuxhelper.c
++++ libvirt-1.2.4/tests/securityselinuxhelper.c
+@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_contex
+     return getpidcon_raw(pid, context);
+ }
+ 
++#ifdef SELINUX_CTX_CHAR_PTR
++int setcon_raw(const char *context)
++#else
+ int setcon_raw(security_context_t context)
++#endif
+ {
+     if (!is_selinux_enabled()) {
+         errno = EINVAL;
+@@ -165,13 +169,21 @@ int setcon_raw(security_context_t contex
+     return setenv("FAKE_SELINUX_CONTEXT", context, 1);
+ }
+ 
++#ifdef SELINUX_CTX_CHAR_PTR
++int setcon(const char *context)
++#else
+ int setcon(security_context_t context)
++#endif
+ {
+     return setcon_raw(context);
+ }
+ 
+ 
++#ifdef SELINUX_CTX_CHAR_PTR
++int setfilecon_raw(const char *path, const char *con)
++#else
+ int setfilecon_raw(const char *path, security_context_t con)
++#endif
+ {
+     const char *constr = con;
+     if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
+@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, sec
+                     constr, strlen(constr), 0);
+ }
+ 
++#ifdef SELINUX_CTX_CHAR_PTR
++int setfilecon(const char *path, const char *con)
++#else
+ int setfilecon(const char *path, security_context_t con)
++#endif
+ {
+     return setfilecon_raw(path, con);
+ }

b109c097-libselinux-build-fix2.patch

@@ -0,0 +1,101 @@
+commit b109c097654c4fe003e8535481191f37a35d5d7b
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Wed May 28 13:48:21 2014 -0600
+
+    maint: cleanup detection of const'ness of selinux ctx
+    
+    Commit 292d3f2d fixed the build with libselinux 2.3, but missed
+    some suggestions by eblake
+    
+    https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html
+    
+    This patch changes the macro introduced in 292d3f2d to either be
+    empty in the case of newer libselinux, or contain 'const' in the
+    case of older libselinux.  The macro is then used directly in
+    tests/securityselinuxhelper.c.
+
+Index: libvirt-1.2.4/m4/virt-selinux.m4
+===================================================================
+--- libvirt-1.2.4.orig/m4/virt-selinux.m4
++++ libvirt-1.2.4/m4/virt-selinux.m4
+@@ -29,19 +29,18 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
+ 
+   if test "$with_selinux" = "yes"; then
+     # libselinux changed signatures between 2.2 and 2.3
+-    AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
++    AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_param],
+     [AC_COMPILE_IFELSE(
+       [AC_LANG_PROGRAM(
+          [[
+ #include <selinux/selinux.h>
+-int setcon(const security_context_t context);
++int setcon(char *context);
+          ]])],
+-         [gt_cv_setcon_param='security_context_t'],
+-         [gt_cv_setcon_param='const char*'])])
+-    if test "$gt_cv_setcon_param" = 'const char*'; then
+-       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
+-                          [SELinux uses newer char * for security context])
+-    fi
++         [lv_cv_setcon_const=''],
++         [lv_cv_setcon_const='const'])])
++    AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const],
++      [Define to empty or 'const' depending on how SELinux qualifies its
++       security context parameters])
+ 
+     AC_MSG_CHECKING([SELinux mount point])
+     if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
+Index: libvirt-1.2.4/tests/securityselinuxhelper.c
+===================================================================
+--- libvirt-1.2.4.orig/tests/securityselinuxhelper.c
++++ libvirt-1.2.4/tests/securityselinuxhelper.c
+@@ -156,11 +156,7 @@ int getpidcon(pid_t pid, security_contex
+     return getpidcon_raw(pid, context);
+ }
+ 
+-#ifdef SELINUX_CTX_CHAR_PTR
+-int setcon_raw(const char *context)
+-#else
+-int setcon_raw(security_context_t context)
+-#endif
++int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
+ {
+     if (!is_selinux_enabled()) {
+         errno = EINVAL;
+@@ -169,21 +165,13 @@ int setcon_raw(security_context_t contex
+     return setenv("FAKE_SELINUX_CONTEXT", context, 1);
+ }
+ 
+-#ifdef SELINUX_CTX_CHAR_PTR
+-int setcon(const char *context)
+-#else
+-int setcon(security_context_t context)
+-#endif
++int setcon(VIR_SELINUX_CTX_CONST char *context)
+ {
+     return setcon_raw(context);
+ }
+ 
+ 
+-#ifdef SELINUX_CTX_CHAR_PTR
+-int setfilecon_raw(const char *path, const char *con)
+-#else
+-int setfilecon_raw(const char *path, security_context_t con)
+-#endif
++int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con)
+ {
+     const char *constr = con;
+     if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
+@@ -194,11 +182,7 @@ int setfilecon_raw(const char *path, sec
+                     constr, strlen(constr), 0);
+ }
+ 
+-#ifdef SELINUX_CTX_CHAR_PTR
+-int setfilecon(const char *path, const char *con)
+-#else
+-int setfilecon(const char *path, security_context_t con)
+-#endif
++int setfilecon(const char *path, VIR_SELINUX_CTX_CONST char *con)
+ {
+     return setfilecon_raw(path, con);
+ }

libselinux-build-fix.patch

@@ -1,79 +0,0 @@
-diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
-index 003c2a8..d1f0347 100644
---- a/m4/virt-selinux.m4
-+++ b/m4/virt-selinux.m4
-@@ -28,6 +28,24 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
-     [with_selinux_mount=check])
- 
-   if test "$with_selinux" = "yes"; then
-+  AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
-+    [AC_COMPILE_IFELSE(
-+      [AC_LANG_PROGRAM(
-+         [[
-+#include <selinux/selinux.h>
-+
-+int setcon(const security_context_t context) {
-+    return 0;
-+}
-+         ]],
-+         [[]])],
-+         [gt_cv_setcon_param='security_context'],
-+         [gt_cv_setcon_param='const char*'])])
-+    if test "$gt_cv_setcon_param" = 'const char*'; then
-+       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
-+                          [SELinux uses char * for security context])
-+    fi
-+
-     AC_MSG_CHECKING([SELinux mount point])
-     if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
-       if test -d /sys/fs/selinux ; then
-diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
-index dbc4c29..af4fae4 100644
---- a/tests/securityselinuxhelper.c
-+++ b/tests/securityselinuxhelper.c
-@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context)
-     return getpidcon_raw(pid, context);
- }
- 
-+#ifdef SELINUX_CTX_CHAR_PTR
-+int setcon_raw(const char *context)
-+#else
- int setcon_raw(security_context_t context)
-+#endif
- {
-     if (!is_selinux_enabled()) {
-         errno = EINVAL;
-@@ -165,13 +169,21 @@ int setcon_raw(security_context_t context)
-     return setenv("FAKE_SELINUX_CONTEXT", context, 1);
- }
- 
-+#ifdef SELINUX_CTX_CHAR_PTR
-+int setcon(const char *context)
-+#else
- int setcon(security_context_t context)
-+#endif
- {
-     return setcon_raw(context);
- }
- 
- 
-+#ifdef SELINUX_CTX_CHAR_PTR
-+int setfilecon_raw(const char *path, const char *con)
-+#else
- int setfilecon_raw(const char *path, security_context_t con)
-+#endif
- {
-     const char *constr = con;
-     if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
-@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, security_context_t con)
-                     constr, strlen(constr), 0);
- }
- 
-+#ifdef SELINUX_CTX_CHAR_PTR
-+int setfilecon(const char *path, const char *con)
-+#else
- int setfilecon(const char *path, security_context_t con)
-+#endif
- {
-     return setfilecon_raw(path, con);
- }

libvirt.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed May 28 17:13:29 MDT 2014 - jfehlig@suse.com
+
+- Add upstream patches that fix build with libselinux 2.3
+  Added: 292d3f2d-libselinux-build-fix1.patch,
+         b109c097-libselinux-build-fix2.patch
+  Dropped: libselinux-build-fix.patch
+
 -------------------------------------------------------------------
 Wed May 28 12:42:34 UTC 2014 - cbosdonnat@suse.com
 

libvirt.spec

@@ -434,12 +434,13 @@ Patch2:         da744120-use-reboot-flag.patch
 Patch3:         d6b27d3e-CVE-2014-0179.patch
 Patch4:         fd43d1f8-libxl-iface-hostdev.patch
 Patch5:         99f50208-managed-hostdev-iface.patch
+Patch6:         292d3f2d-libselinux-build-fix1.patch
+Patch7:         b109c097-libselinux-build-fix2.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       ia64-clone.patch
 Patch102:       xen-pv-cdrom.patch
 Patch103:       add-nocow-to-vol-xml.patch
-Patch104:       libselinux-build-fix.patch
 # pending review upstream patches
 Patch150:       libxl-migration-support.patch
 # Our patches
@@ -959,11 +960,12 @@ namespaces.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
 %patch103 -p1
-%patch104 -p1
 %patch150 -p1
 %patch200 -p1
 %patch201 -p1