libsemanage-native: remove audit-native dependency

* native tools don't need audit support; * audit 2.3.2 or laters require kernel headers >= 2.6.30, this causes audit-native can't be built on some older distributions. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2014-01-20 05:15:43 -0500
committer: Xin Ouyang <xin.ouyang@windriver.com> 2014-01-20 18:28:11 +0800
commit: de0afbc8f434b235156e17234b72027840a821af (patch)
tree: cd6c635d39edd6c05f8f78eb4e5878501d23fe9f
parent: fccacdca9489ba605e3a84f313f820615df9bdaf (diff)
download: meta-selinux-de0afbc8f434b235156e17234b72027840a821af.tar.gz
4 files changed, 128 insertions, 0 deletions
diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index dfc3006..9424358 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -11,11 +11,14 @@ LICENSE = "LGPLv2.1+"
 inherit lib_package
 DEPENDS += "libsepol libselinux ustr bzip2 python bison-native flex-native"
+DEPENDS_class-target += "audit"
 PACKAGES += "${PN}-python"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
 FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
+EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y"
 do_compile_append() {
    oe_runmake pywrap \
            INCLUDEDIR='${STAGING_INCDIR}' \
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
new file mode 100644
index 0000000..575d3a6
--- /dev/null
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -0,0 +1,123 @@
+From 7d23189c4541124469aad24fe1719f2a24b4ca48 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Mon, 20 Jan 2014 03:53:48 -0500
+Subject: [PATCH] libsemanage: allow to disable audit support
+Upstream-Status: Pending
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ src/Makefile        |   10 +++++++++-
+ src/seusers_local.c |   13 +++++++++++++
+ tests/Makefile      |   10 +++++++++-
+ 3 files changed, 31 insertions(+), 2 deletions(-)
+diff --git a/src/Makefile b/src/Makefile
+index 359d738..24dbf29 100644
+--- a/src/Makefile
+++ b/src/Makefile
+@@ -28,6 +28,14 @@ ifeq ($(DEBUG),1)
+        export LDFLAGS = -g
+ endif
+ 
+DISABLE_AUDIT ?= n
+ifeq ($(DISABLE_AUDIT),y)
+       LIBAUDIT =
+       CFLAGS += -DDISABLE_AUDIT
+else
+       LIBAUDIT = -laudit
+endif
+
+ LEX = flex
+ LFLAGS = -s
+ YACC = bison
+@@ -92,7 +100,7 @@ $(LIBA): $(OBJS)
+        $(RANLIB) $@
+ 
+ $(LIBSO): $(LOBJS)
+-       $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+       $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+        ln -sf $@ $(TARGET)
+ 
+ $(LIBPC): $(LIBPC).in ../VERSION
+diff --git a/src/seusers_local.c b/src/seusers_local.c
+index 63ab40c..8bdc7da 100644
+--- a/src/seusers_local.c
+++ b/src/seusers_local.c
+@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
+ 
+ #include <sepol/policydb.h>
+ #include <sepol/context.h>
+
+#ifndef DISABLE_AUDIT
+ #include <libaudit.h>
+#endif
+
+ #include <errno.h>
+ #include "user_internal.h"
+ #include "seuser_internal.h"
+@@ -51,6 +55,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
+        return roles;
+ }
+ 
+#ifndef DISABLE_AUDIT
+ static int semanage_seuser_audit(semanage_handle_t * handle,
+                          const semanage_seuser_t * seuser,
+                          const semanage_seuser_t * previous,
+@@ -114,6 +119,7 @@ err:
+        free(proles);
+        return rc;
+ }
+#endif
+ 
+ int semanage_seuser_modify_local(semanage_handle_t * handle,
+                                 const semanage_seuser_key_t * key,
+@@ -157,8 +163,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
+        (void) semanage_seuser_query(handle, key, &previous);
+        handle->msg_callback = callback;
+        rc = dbase_modify(handle, dconfig, key, new);
+
+#ifndef DISABLE_AUDIT
+        if (semanage_seuser_audit(handle, new, previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0)
+                rc = -1;
+#endif
+ err:
+        if (previous)
+                semanage_seuser_free(previous);
+@@ -174,8 +183,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
+        dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+        rc = dbase_del(handle, dconfig, key);
+        semanage_seuser_query(handle, key, &seuser);
+
+#ifndef DISABLE_AUDIT
+        if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0)
+                rc = -1;
+#endif
+
+        if (seuser)
+                semanage_seuser_free(seuser);
+        return rc;
+diff --git a/tests/Makefile b/tests/Makefile
+index 418d701..7839db6 100644
+--- a/tests/Makefile
+++ b/tests/Makefile
+@@ -13,7 +13,15 @@ EXECUTABLE = libsemanage-tests
+ CC = gcc
+ CFLAGS = -c -g -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
+ INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include
+-LDFLAGS = -lcunit -lustr -lbz2 -laudit
+DISABLE_AUDIT ?= n
+ifeq ($(DISABLE_AUDIT),y)
+       LIBAUDIT =
+       CFLAGS += -DDISABLE_AUDIT
+else
+       LIBAUDIT = -laudit
+endif
+
+LDFLAGS = -lcunit -lustr -lbz2 $(LIBAUDIT)
+ OBJECTS = $(SOURCES:.c=.o) 
+ 
+ all: $(EXECUTABLE) 
+-- 
+1.7.9.5
diff --git a/recipes-security/selinux/libsemanage_2.2.bb b/recipes-security/selinux/libsemanage_2.2.bb
index 4ee93c0..93daf9f 100644
--- a/recipes-security/selinux/libsemanage_2.2.bb
+++ b/recipes-security/selinux/libsemanage_2.2.bb
@@ -14,4 +14,5 @@ SRC_URI += "\
        file://libsemanage-fix-path-nologin.patch \
        file://libsemanage-drop-Wno-unused-but-set-variable.patch \
        file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
+        file://libsemanage-allow-to-disable-audit-support.patch \
        "
diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb
index c3799fd..a32ebc3 100644
--- a/recipes-security/selinux/libsemanage_git.bb
+++ b/recipes-security/selinux/libsemanage_git.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
        file://libsemanage-fix-path-nologin.patch \
        file://libsemanage-drop-Wno-unused-but-set-variable.patch \
        file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
+        file://libsemanage-allow-to-disable-audit-support.patch \
        "
author	Wenzong Fan <wenzong.fan@windriver.com>	2014-01-20 05:15:43 -0500
committer	Xin Ouyang <xin.ouyang@windriver.com>	2014-01-20 18:28:11 +0800
commit	de0afbc8f434b235156e17234b72027840a821af (patch)
tree	cd6c635d39edd6c05f8f78eb4e5878501d23fe9f
parent	fccacdca9489ba605e3a84f313f820615df9bdaf (diff)
download	meta-selinux-de0afbc8f434b235156e17234b72027840a821af.tar.gz

diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc index dfc3006..9424358 100644 --- a/recipes-security/selinux/libsemanage.inc +++ b/recipes-security/selinux/libsemanage.inc
@@ -11,11 +11,14 @@ LICENSE = "LGPLv2.1+"
11	inherit lib_package	11	inherit lib_package
12		12
13	DEPENDS += "libsepol libselinux ustr bzip2 python bison-native flex-native"	13	DEPENDS += "libsepol libselinux ustr bzip2 python bison-native flex-native"
		14	DEPENDS_class-target += "audit"
14		15
15	PACKAGES += "${PN}-python"	16	PACKAGES += "${PN}-python"
16	FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"	17	FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
17	FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"	18	FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
18		19
		20	EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y"
		21
19	do_compile_append() {	22	do_compile_append() {
20	oe_runmake pywrap \	23	oe_runmake pywrap \
21	INCLUDEDIR='${STAGING_INCDIR}' \	24	INCLUDEDIR='${STAGING_INCDIR}' \


diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch new file mode 100644 index 0000000..575d3a6 --- /dev/null +++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -0,0 +1,123 @@
		1	From 7d23189c4541124469aad24fe1719f2a24b4ca48 Mon Sep 17 00:00:00 2001
		2	From: Wenzong Fan <wenzong.fan@windriver.com>
		3	Date: Mon, 20 Jan 2014 03:53:48 -0500
		4	Subject: [PATCH] libsemanage: allow to disable audit support
		5
		6	Upstream-Status: Pending
		7
		8	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
		9	---
		10	src/Makefile \| 10 +++++++++-
		11	src/seusers_local.c \| 13 +++++++++++++
		12	tests/Makefile \| 10 +++++++++-
		13	3 files changed, 31 insertions(+), 2 deletions(-)
		14
		15	diff --git a/src/Makefile b/src/Makefile
		16	index 359d738..24dbf29 100644
		17	--- a/src/Makefile
		18	+++ b/src/Makefile
		19	@@ -28,6 +28,14 @@ ifeq ($(DEBUG),1)
		20	export LDFLAGS = -g
		21	endif
		22
		23	+DISABLE_AUDIT ?= n
		24	+ifeq ($(DISABLE_AUDIT),y)
		25	+ LIBAUDIT =
		26	+ CFLAGS += -DDISABLE_AUDIT
		27	+else
		28	+ LIBAUDIT = -laudit
		29	+endif
		30	+
		31	LEX = flex
		32	LFLAGS = -s
		33	YACC = bison
		34	@@ -92,7 +100,7 @@ $(LIBA): $(OBJS)
		35	$(RANLIB) $@
		36
		37	$(LIBSO): $(LOBJS)
		38	- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
		39	+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
		40	ln -sf $@ $(TARGET)
		41
		42	$(LIBPC): $(LIBPC).in ../VERSION
		43	diff --git a/src/seusers_local.c b/src/seusers_local.c
		44	index 63ab40c..8bdc7da 100644
		45	--- a/src/seusers_local.c
		46	+++ b/src/seusers_local.c
		47	@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
		48
		49	#include <sepol/policydb.h>
		50	#include <sepol/context.h>
		51	+
		52	+#ifndef DISABLE_AUDIT
		53	#include <libaudit.h>
		54	+#endif
		55	+
		56	#include <errno.h>
		57	#include "user_internal.h"
		58	#include "seuser_internal.h"
		59	@@ -51,6 +55,7 @@ static char semanage_user_roles(semanage_handle_t handle, const char *sename)
		60	return roles;
		61	}
		62
		63	+#ifndef DISABLE_AUDIT
		64	static int semanage_seuser_audit(semanage_handle_t * handle,
		65	const semanage_seuser_t * seuser,
		66	const semanage_seuser_t * previous,
		67	@@ -114,6 +119,7 @@ err:
		68	free(proles);
		69	return rc;
		70	}
		71	+#endif
		72
		73	int semanage_seuser_modify_local(semanage_handle_t * handle,
		74	const semanage_seuser_key_t * key,
		75	@@ -157,8 +163,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
		76	(void) semanage_seuser_query(handle, key, &previous);
		77	handle->msg_callback = callback;
		78	rc = dbase_modify(handle, dconfig, key, new);
		79	+
		80	+#ifndef DISABLE_AUDIT
		81	if (semanage_seuser_audit(handle, new, previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0)
		82	rc = -1;
		83	+#endif
		84	err:
		85	if (previous)
		86	semanage_seuser_free(previous);
		87	@@ -174,8 +183,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
		88	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
		89	rc = dbase_del(handle, dconfig, key);
		90	semanage_seuser_query(handle, key, &seuser);
		91	+
		92	+#ifndef DISABLE_AUDIT
		93	if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0)
		94	rc = -1;
		95	+#endif
		96	+
		97	if (seuser)
		98	semanage_seuser_free(seuser);
		99	return rc;
		100	diff --git a/tests/Makefile b/tests/Makefile
		101	index 418d701..7839db6 100644
		102	--- a/tests/Makefile
		103	+++ b/tests/Makefile
		104	@@ -13,7 +13,15 @@ EXECUTABLE = libsemanage-tests
		105	CC = gcc
		106	CFLAGS = -c -g -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
		107	INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include
		108	-LDFLAGS = -lcunit -lustr -lbz2 -laudit
		109	+DISABLE_AUDIT ?= n
		110	+ifeq ($(DISABLE_AUDIT),y)
		111	+ LIBAUDIT =
		112	+ CFLAGS += -DDISABLE_AUDIT
		113	+else
		114	+ LIBAUDIT = -laudit
		115	+endif
		116	+
		117	+LDFLAGS = -lcunit -lustr -lbz2 $(LIBAUDIT)
		118	OBJECTS = $(SOURCES:.c=.o)
		119
		120	all: $(EXECUTABLE)
		121	--
		122	1.7.9.5
		123


diff --git a/recipes-security/selinux/libsemanage_2.2.bb b/recipes-security/selinux/libsemanage_2.2.bb index 4ee93c0..93daf9f 100644 --- a/recipes-security/selinux/libsemanage_2.2.bb +++ b/recipes-security/selinux/libsemanage_2.2.bb
@@ -14,4 +14,5 @@ SRC_URI += "\
14	file://libsemanage-fix-path-nologin.patch \	14	file://libsemanage-fix-path-nologin.patch \
15	file://libsemanage-drop-Wno-unused-but-set-variable.patch \	15	file://libsemanage-drop-Wno-unused-but-set-variable.patch \
16	file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \	16	file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
		17	file://libsemanage-allow-to-disable-audit-support.patch \
17	"	18	"


diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb index c3799fd..a32ebc3 100644 --- a/recipes-security/selinux/libsemanage_git.bb +++ b/recipes-security/selinux/libsemanage_git.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
12	file://libsemanage-fix-path-nologin.patch \	12	file://libsemanage-fix-path-nologin.patch \
13	file://libsemanage-drop-Wno-unused-but-set-variable.patch \	13	file://libsemanage-drop-Wno-unused-but-set-variable.patch \
14	file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \	14	file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
		15	file://libsemanage-allow-to-disable-audit-support.patch \
15	"	16	"