From: Guido Trentalancia <guido@trentalancia.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@redhat.com>,
Eric Paris <eparis@parisplace.org>,
SELinux Mail List <selinux@tycho.nsa.gov>
Subject: Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)
Date: Thu, 15 Sep 2011 04:44:00 +0200 [thread overview]
Message-ID: <1316054641.23290.48.camel@vortex> (raw)
In-Reply-To: <1316004965.26965.9.camel@moss-pluto>
Hello Stephen.
On Wed, 2011-09-14 at 08:56 -0400, Stephen Smalley wrote:
> On Wed, 2011-09-14 at 00:05 +0200, Guido Trentalancia wrote:
> > Hello Eric !
> >
> > On Tue, 2011-09-13 at 16:26 -0400, Eric Paris wrote:
> > > Personally, I'd like to see just 'make' at the top level dir build
> > > properly and I think your patches get us most of the way there without
> > > (further) breaking the building method that sds prefers.
> > >
> > > If you get your best patch which does nothing but allow us to just type
> > > 'make' at the top level dir and it builds everything properly in place,
> > > I'll review and probably commit such a patch.
> >
> > Yes, let's get to the point. The latest version of the patch that you
> > should test is attached below. Please note that it also changes the
> > creation of symbolic links to shared libraries (needs to be
> > double-checked for correctness).
> >
> > diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
> > --- selinux/checkpolicy/Makefile 2011-09-09 20:12:55.978662153 +0200
> > +++ selinux-13092011/checkpolicy/Makefile 2011-09-13 02:58:19.314224502 +0200
> > @@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
> > CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
> > CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
> >
> > -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> > +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
> >
> > GENERATED=lex.yy.c y.tab.c y.tab.h
>
> The above will break when building checkpolicy separately.
Yes it will. But it also avoids linking an existing old static library
when building from the whole git bundle.
Before creating each release of the separate components, that piece of
patch could be reverted or otherwise a script could invoke sed on the
affected Makefiles.
> Ditto for
> the other components that need to reference a static lib. I think this
> is why we didn't go down this path previously.
See above: reverting a patch or running sed
> BTW, your patch wouldn't quite compile as is for me even aside from this
> issue; you don't seem to have defined LIBDIR in
> policycoreutils/restorecond/Makefile before using it.
You're right. It needs a fix. It wasn't showing up here because I was
passing LIBDIR from the environment, therefore that was getting passed
at each "make" recursion. Thanks very much for pointint that out.
Here is a revised patch:
diff -pruN selinux/checkpolicy/Makefile selinux-13092011-patch-v5/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile 2011-09-09 20:12:55.978662153 +0200
+++ selinux-13092011-patch-v5/checkpolicy/Makefile 2011-09-15 04:25:47.863171377 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
GENERATED=lex.yy.c y.tab.c y.tab.h
diff -pruN selinux/checkpolicy/test/Makefile selinux-13092011-patch-v5/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile 2011-09-09 20:12:55.980662174 +0200
+++ selinux-13092011-patch-v5/checkpolicy/test/Makefile 2011-09-15 04:25:47.863171377 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
CFLAGS ?= -g -Wall -O2 -pipe
override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
all: dispol dismod
diff -pruN selinux/libselinux/src/Makefile selinux-13092011-patch-v5/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile 2011-09-09 20:12:55.992662259 +0200
+++ selinux-13092011-patch-v5/libselinux/src/Makefile 2011-09-15 04:25:47.909171785 +0200
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
%.o: %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
install -m 755 $(LIBSO) $(SHLIBDIR)
test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+ cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
install-pywrap: pywrap
test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pruN selinux/libsemanage/src/Makefile selinux-13092011-patch-v5/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile 2011-09-09 20:12:56.008662374 +0200
+++ selinux-13092011-patch-v5/libsemanage/src/Makefile 2011-09-15 04:25:47.956172204 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in
@@ -139,7 +139,7 @@ install: all
test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
install-pywrap: pywrap
test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pruN selinux/libsepol/src/Makefile selinux-13092011-patch-v5/libsepol/src/Makefile
--- selinux/libsepol/src/Makefile 2011-09-09 20:12:56.021662468 +0200
+++ selinux-13092011-patch-v5/libsepol/src/Makefile 2011-09-15 04:25:48.012172702 +0200
@@ -43,7 +43,7 @@ install: all
install -m 755 $(LIBSO) $(SHLIBDIR)
test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+ cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
relabel:
/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -pruN selinux/Makefile selinux-13092011-patch-v5/Makefile
--- selinux/Makefile 2011-09-09 20:12:55.977662144 +0200
+++ selinux-13092011-patch-v5/Makefile 2011-09-15 04:25:48.012172702 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
DISTCLEANSUBIDRS=libselinux libsemanage
ifeq ($(DEBUG),1)
- export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
- export LDFLAGS = -g
+ CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+ LDFLAGS += -g
endif
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
all install relabel clean test indent:
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-13092011-patch-v5/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile 2011-09-09 20:12:56.034662561 +0200
+++ selinux-13092011-patch-v5/policycoreutils/audit2allow/Makefile 2011-09-15 04:25:48.069173246 +0200
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
all: ;
diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-13092011-patch-v5/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile 2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011-patch-v5/policycoreutils/audit2why/Makefile 2011-09-15 04:25:48.135173776 +0200
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-13092011-patch-v5/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile 2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011-patch-v5/policycoreutils/load_policy/Makefile 2011-09-15 04:25:48.177174157 +0200
@@ -1,13 +1,15 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(DESTDIR)/sbin
USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
TARGETS=$(patsubst %.c,%,$(wildcard *.c))
diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-13092011-patch-v5/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile 2011-09-09 20:12:56.040662607 +0200
+++ selinux-13092011-patch-v5/policycoreutils/mcstrans/src/Makefile 2011-09-15 04:25:48.216174517 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
all: $(PROG)
$(PROG): $(PROG_OBJS)
- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
%.o: %.c
$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-13092011-patch-v5/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile 2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011-patch-v5/policycoreutils/mcstrans/utils/Makefile 2011-09-15 04:25:48.216174517 +0200
@@ -21,7 +21,7 @@ endif
CFLAGS ?= -Wall
override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
TARGETS=$(patsubst %.c,%,$(wildcard *.c))
diff -pruN selinux/policycoreutils/newrole/Makefile selinux-13092011-patch-v5/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile 2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011-patch-v5/policycoreutils/newrole/Makefile 2011-09-15 04:25:48.264174953 +0200
@@ -1,9 +1,11 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
# Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
CFLAGS ?= -Werror -Wall -W
EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
ifeq (${PAMH}, /usr/include/security/pam_appl.h)
override CFLAGS += -DUSE_PAM
EXTRA_OBJS += hashtab.o
diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile 2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile 2011-09-15 04:28:03.435365416 +0200
@@ -1,13 +1,15 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
all: restorecond
diff -pruN selinux/policycoreutils/run_init/Makefile selinux-13092011-patch-v5/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile 2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011-patch-v5/policycoreutils/run_init/Makefile 2011-09-15 04:25:48.372175901 +0200
@@ -1,16 +1,17 @@
-
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
ifeq (${PAMH}, /usr/include/security/pam_appl.h)
override CFLAGS += -DUSE_PAM
LDLIBS += -lpam -lpam_misc
diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-13092011-patch-v5/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile 2011-09-09 20:12:56.073662844 +0200
+++ selinux-13092011-patch-v5/policycoreutils/sandbox/Makefile 2011-09-15 04:25:48.448176563 +0200
@@ -1,14 +1,16 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
all: sandbox seunshare sandboxX.sh start
diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-13092011-patch-v5/policycoreutils/scripts/genhomedircon.8
--- selinux/policycoreutils/scripts/genhomedircon.8 2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011-patch-v5/policycoreutils/scripts/genhomedircon.8 2011-09-15 04:25:48.516177230 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
.SH NAME
genhomedircon \- generate SELinux file context configuration entries for user home directories
.SH SYNOPSIS
.B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
.SH AUTHOR
This manual page was written by
.I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)
diff -pruN selinux/policycoreutils/scripts/Makefile selinux-13092011-patch-v5/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile 2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011-patch-v5/policycoreutils/scripts/Makefile 2011-09-15 04:25:48.573177727 +0200
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
all: fixfiles genhomedircon chcat
@@ -11,7 +11,10 @@ install: all
-mkdir -p $(BINDIR)
install -m 755 chcat $(BINDIR)
install -m 755 fixfiles $(DESTDIR)/sbin
- install -m 755 genhomedircon $(SBINDIR)
+ @echo "#!/bin/sh" > genhomedircon
+ @echo >> genhomedircon
+ @echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+ install -m 755 genhomedircon $(SBINDIR)
-mkdir -p $(MANDIR)/man8
install -m 644 fixfiles.8 $(MANDIR)/man8/
install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux/policycoreutils/secon/Makefile selinux-13092011-patch-v5/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile 2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011-patch-v5/policycoreutils/secon/Makefile 2011-09-15 04:25:48.573177727 +0200
@@ -1,9 +1,9 @@
# secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
VERSION = $(shell cat ../VERSION)
diff -pruN selinux/policycoreutils/semanage/Makefile selinux-13092011-patch-v5/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile 2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semanage/Makefile 2011-09-15 04:25:48.573177727 +0200
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
diff -pruN selinux/policycoreutils/semodule/Makefile selinux-13092011-patch-v5/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile 2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule/Makefile 2011-09-15 04:25:48.574177731 +0200
@@ -2,8 +2,8 @@
PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile 2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_deps/Makefile 2011-09-15 04:25:48.574177731 +0200
@@ -1,13 +1,13 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
all: semodule_deps
diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile 2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_expand/Makefile 2011-09-15 04:25:48.574177731 +0200
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile 2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_link/Makefile 2011-09-15 04:25:48.574177731 +0200
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile 2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_package/Makefile 2011-09-15 04:25:48.575177734 +0200
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-13092011-patch-v5/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile 2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/sestatus/Makefile 2011-09-15 04:25:48.575177734 +0200
@@ -1,12 +1,13 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
LDLIBS = -lselinux -L$(LIBDIR)
all: sestatus
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-13092011-patch-v5/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile 2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011-patch-v5/policycoreutils/setfiles/Makefile 2011-09-15 04:25:48.575177734 +0200
@@ -1,12 +1,13 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
LDLIBS = -lselinux -lsepol -L$(LIBDIR)
ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-13092011-patch-v5/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile 2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011-patch-v5/policycoreutils/setsebool/Makefile 2011-09-15 04:25:48.575177734 +0200
@@ -2,8 +2,8 @@
PREFIX ?= $(DESTDIR)/usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/README selinux-13092011-patch-v5/README
--- selinux/README 1970-01-01 01:00:00.000000000 +0100
+++ selinux-13092011-patch-v5/README 2011-09-15 04:25:48.576177737 +0200
@@ -0,0 +1,20 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+The environment variable DESTDIR can be passed to "make" in order to configure a
+specific directory to be used as the root installation directory.
+
+Please see the Makefile(s) for other environment variables that can be used.
Or for Eric, if he only needs the relative diff, here it is:
diff -pruN selinux-13092011-patch-v4/policycoreutils/restorecond/Makefile selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile
--- selinux-13092011-patch-v4/policycoreutils/restorecond/Makefile 2011-09-15 04:35:48.832312253 +0200
+++ selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile 2011-09-15 04:28:03.435365416 +0200
@@ -2,6 +2,7 @@
PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(PREFIX)/sbin
INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
SELINUXDIR ?= $(DESTDIR)/etc/selinux
I wish to remind you once again that the proposed solution for creating
the links to the versioned shared libraries has not been fully
tested/agreed yet.
In fact, as Stephen pointed out there is a risk that using absolute
symbolic linking instead of relative symbolic linking could actually
result in broken links being distributed in binary packages (i.e.
pointing to the full path on the build system).
Regards,
Guido
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2011-09-15 2:44 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-09 17:01 [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule Guido Trentalancia
2011-09-09 17:11 ` Guido Trentalancia
2011-09-09 17:17 ` Guido Trentalancia
2011-09-09 17:31 ` Eric Paris
2011-09-09 17:46 ` Guido Trentalancia
2011-09-09 17:59 ` [PATCH] Fix LIBDIR usage for load_policy (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule) Guido Trentalancia
2011-09-09 21:19 ` [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy) Guido Trentalancia
2011-09-09 21:37 ` Joshua Brindle
2011-09-09 21:46 ` Guido Trentalancia
2011-09-09 22:35 ` Guido Trentalancia
2011-09-09 23:07 ` Eric Paris
2011-09-09 23:12 ` Guido Trentalancia
2011-09-09 23:15 ` Eric Paris
2011-09-09 23:25 ` Guido Trentalancia
2011-09-09 23:45 ` Guido Trentalancia
2011-09-09 23:56 ` Guido Trentalancia
2011-09-10 1:04 ` [RFC] Userspace git local build (was Re: [RFC] Userspace top-level Makefile) Guido Trentalancia
2011-09-10 2:39 ` [RFC v2] Userspace git local build (was Re: [RFC] Userspace git local build) Guido Trentalancia
2011-09-11 23:22 ` [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy) Joshua Brindle
2011-09-12 2:12 ` Guido Trentalancia
2011-09-12 12:41 ` Joshua Brindle
2011-09-12 20:17 ` [RFC] Improve installation of userspace shared libraries (was Re: [RFC] Userspace top-level Makefile) Guido Trentalancia
2011-09-13 21:00 ` Stephen Smalley
2011-09-13 21:12 ` Guido Trentalancia
2011-09-13 21:35 ` Guido Trentalancia
2011-09-12 12:57 ` [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule Stephen Smalley
2011-09-12 20:29 ` [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule) Guido Trentalancia
2011-09-12 22:01 ` Eric Paris
2011-09-12 23:05 ` Guido Trentalancia
2011-09-13 0:53 ` Guido Trentalancia
2011-09-13 2:03 ` [PATCH v2] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix includes for userspace tools and libraries) Guido Trentalancia
2011-09-13 2:41 ` [PATCH v3] Fix includes for userspace tools and libraries (was Re: [PATCH v2] " Guido Trentalancia
2011-09-13 12:41 ` [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule) Stephen Smalley
2011-09-13 16:31 ` Guido Trentalancia
2011-09-13 17:20 ` Stephen Smalley
2011-09-13 18:33 ` [PATCH] Fix includes for userspace tools and libraries (and possible security issue) Guido Trentalancia
2011-09-13 18:46 ` Guido Trentalancia
2011-09-13 19:17 ` Stephen Smalley
2011-09-13 18:48 ` Stephen Smalley
2011-09-13 19:18 ` Guido Trentalancia
2011-09-13 19:25 ` Stephen Smalley
2011-09-13 19:34 ` Stephen Smalley
2011-09-13 20:04 ` Guido Trentalancia
2011-09-13 20:20 ` Stephen Smalley
2011-09-13 20:49 ` Guido Trentalancia
2011-09-13 20:26 ` Eric Paris
2011-09-13 20:42 ` Stephen Smalley
2011-09-13 21:09 ` Guido Trentalancia
2011-09-13 22:05 ` [PATCH v4] " Guido Trentalancia
2011-09-13 23:33 ` [PATCH] Fix function arguments in libsemanage tests (was Re: [PATCH v4] Fix includes for userspace tools and libraries) Guido Trentalancia
2011-09-14 0:44 ` [PATCH] Change default make target for sepolgen " Guido Trentalancia
2011-09-14 1:10 ` [PATCH] Change default make target for some directories in the libraries (was Re: [PATCH] Change default make target for sepolgen) Guido Trentalancia
2011-09-14 1:20 ` [PATCH] Change default make target for the man directory of policycoreutils/mcstrans " Guido Trentalancia
2011-09-14 19:16 ` [PATCH] Change default make target for sepolgen (was Re: [PATCH v4] Fix includes for userspace tools and libraries) Eric Paris
2011-09-14 19:31 ` [PATCH] Fix function arguments in libsemanage tests " Eric Paris
2011-09-15 4:40 ` [PATCH v5] Fix makefiles for the userspace tools and libraries Guido Trentalancia
2011-09-15 9:40 ` [PATCH] Fix symbolic link creation for the userspace libraries Guido Trentalancia
2011-09-15 11:51 ` [PATCH v5] Fix makefiles for the userspace tools and libraries Guido Trentalancia
2011-09-14 12:56 ` [PATCH v4] Fix includes for userspace tools and libraries (and possible security issue) Stephen Smalley
2011-09-15 2:44 ` Guido Trentalancia [this message]
2011-09-15 12:56 ` [PATCH v5] " Stephen Smalley
2011-09-15 16:04 ` Guido Trentalancia
2011-09-15 16:35 ` Stephen Smalley
2011-09-15 17:03 ` Guido Trentalancia
2011-09-15 17:16 ` Stephen Smalley
2011-09-15 17:26 ` Guido Trentalancia
2011-09-15 18:14 ` Stephen Smalley
2011-09-15 19:12 ` [PATCH v5] Fix includes for userspace tools and libraries Guido Trentalancia
2011-09-15 20:00 ` Stephen Smalley
2011-09-15 20:32 ` Guido Trentalancia
2011-09-16 12:39 ` Stephen Smalley
2011-09-16 12:50 ` Guido Trentalancia
2011-09-17 20:48 ` [PATCH v6] " Guido Trentalancia
2011-09-15 19:37 ` [PATCH v5] " Guido Trentalancia
2011-09-15 17:15 ` [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue) Eric Paris
2011-09-13 19:42 ` [PATCH] " Guido Trentalancia
2011-09-13 17:08 ` [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule) Stephen Smalley
2011-09-09 17:31 ` [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule Guido Trentalancia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1316054641.23290.48.camel@vortex \
--to=guido@trentalancia.com \
--cc=eparis@parisplace.org \
--cc=eparis@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.