Subject: Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)
From: Stephen Smalley
To: Guido Trentalancia
Cc: Eric Paris, Eric Paris, SELinux Mail List
In-Reply-To: <1316054641.23290.48.camel@vortex>
Date: Thu, 15 Sep 2011 08:56:25 -0400
Message-ID: <1316091385.16483.13.camel@moss-pluto>
List-Id: selinux@tycho.nsa.gov

On Thu, 2011-09-15 at 04:44 +0200, Guido Trentalancia wrote:
> > The above will break when building checkpolicy separately.
>
> Yes it will. But it also avoids linking an existing old static library
> when building from the whole git bundle.

You can already avoid that problem by building with make DESTDIR=~/out
install (which will then install libsepol.a under ~/out/usr/lib and use
it rather than the system one when linking subsequent libraries and
programs), so our current build procedure isn't broken, just the newly
proposed one.

> Before creating each release of the separate components, that piece of
> patch could be reverted or otherwise a script could invoke sed on the
> affected Makefiles.

I don't see that as a maintainable solution. What other upstream
projects patch their Makefiles before release and thus ship a different
set of Makefiles than the ones they are using themselves for testing?

-- 
Stephen Smalley
National Security Agency