'Re: SETools patch for libselinux-2.3'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: SETools patch for libselinux-2.3
From:       "Christopher J. PeBenito" <cpebenito () tresys ! com>
Date:       2014-06-12 15:42:33
Message-ID: 5399CA69.7070901 () tresys ! com
[Download RAW message or body]

On 06/11/2014 06:26 PM, Nicolas Iooss wrote:
> 2014-06-10 3:22 GMT+02:00 Christopher J. PeBenito <cpebenito@tresys.com>:
> > On 5/28/2014 1:04 PM, Sven Vermeulen wrote:
> > > Index: secmds/replcon.cc
> > > ===================================================================
> > > --- secmds/replcon.cc (revision 4973)
> > > +++ secmds/replcon.cc (working copy)
> > > @@ -60,7 +60,7 @@
> > > {NULL, 0, NULL, 0}
> > > };
> > > 
> > > -extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ \
> > > ((weak)); +extern int lsetfilecon_raw(const char *, const char *) __attribute__ \
> > > ((weak));
> > 
> > Unfortunately, this breaks it in the same way if you compile with libselinux < \
> > 2.3 with this patch.  The preference would be a patch that allows it to compile \
> > with any recent libselinux, rather than requiring libselinux 2.3.
> 
> When compiling SETools on ArchLinux I got this error message from gcc
> (version 4.9.0):
> 
> replcon.cc:73:25: error: invalid operands of types '<unresolved
> overloaded function type>' and 'long int' to binary 'operator!='
> if (lsetfilecon_raw != NULL)
> 
> I've never used weak functions in C libraries so I don't know the
> proper fix to support libselinux versions which don't provide
> lsetfilecon_raw, but as in ArchLinux only the most recent stable
> version of packages is supported, I simply removed all the code
> related to the "weak function trick" to make it works [1]. According
> to git log, lsetfilecon_raw existed in 2008 [2]. Is it possible to
> replace replcon_lsetfilecon with lsetfilecon_raw in SETools or are
> there still supported versions of libselinux without lsetfilecon_raw?

Well a weak function just means that the program won't fail to link if \
lsetfilecon_raw() isn't found.  It's the method we used to support older libselinuxes \
when the _raw() functions appeared.  I'm not sure if there is a proper C/C++ way to \
handle the apparent parameter change, otherwise preprocessor #ifdef/#else would be \
the way.  So if you do #ifdef SECURITY_CONTEXT_T it uses the old version #else it \
uses the new version, then autoconf would determine if SECURITY_CONTEXT_T needs to be \
set.  Alternatively it might work to conditionally re-add the security_context_t \
typedef inside this file.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic