From b4b777458fa279831374aee049bacb7d117b9832 Mon Sep 17 00:00:00 2001 From: Aws Ismail Date: Fri, 10 Aug 2012 14:32:30 -0400 Subject: Fetch selinux-at module from gnulib repo [ CQID: WIND00365962 ] Rather than following the approach in findutils-with-selinux-gnulib.patch, the import-gnulib configuration was modified to enable fetching the latest updates related to selinux support. Specifically, selinux-at module is now in fetched in gnulib in order for it be used by findutils if selinux is enabled. Signed-off-by: Aws Ismail --- .../findutils-with-selinux-gnulib.patch | 1294 -------------------- .../findutils-with-selinux-supplemental.patch | 32 + .../findutils/findutils_4.4.2.bbappend | 11 +- 3 files changed, 41 insertions(+), 1296 deletions(-) delete mode 100644 recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-gnulib.patch create mode 100644 recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-supplemental.patch diff --git a/recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-gnulib.patch b/recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-gnulib.patch deleted file mode 100644 index 866ecdc..0000000 --- a/recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-gnulib.patch +++ /dev/null @@ -1,1294 +0,0 @@ -Subject: [PATCH] findutils: support selinux and gnulib - -Upstream-Status: Inappropriate [configuration] - -This is modified from a F13 SRPM patch. - -Once the selinux-at module appears on the list within import-gnulib.config, -this patch is no longer needed. - -Signed-off-by: Xin Ouyang ---- - aclocal.m4 | 2 + - gnulib/lib/Makefile.am | 44 +++++++ - gnulib/lib/at-func.c | 98 ++++++++++---- - gnulib/lib/getfilecon.c | 87 ++++++++++++ - gnulib/lib/openat.c | 285 ++++++++++++++++++++-------------------- - gnulib/lib/openat.h | 88 ++++++------- - gnulib/lib/se-context.in.h | 34 +++++ - gnulib/lib/se-selinux.in.h | 103 +++++++++++++++ - gnulib/lib/selinux-at.c | 72 ++++++++++ - gnulib/lib/selinux-at.h | 52 ++++++++ - gnulib/m4/gnulib-comp.m4 | 12 ++ - gnulib/m4/include_next.m4 | 29 +++- - gnulib/m4/selinux-context-h.m4 | 16 +++ - gnulib/m4/selinux-selinux-h.m4 | 57 ++++++++ - 14 files changed, 753 insertions(+), 226 deletions(-) - create mode 100644 gnulib/lib/getfilecon.c - create mode 100644 gnulib/lib/se-context.in.h - create mode 100644 gnulib/lib/se-selinux.in.h - create mode 100644 gnulib/lib/selinux-at.c - create mode 100644 gnulib/lib/selinux-at.h - create mode 100644 gnulib/m4/selinux-context-h.m4 - create mode 100644 gnulib/m4/selinux-selinux-h.m4 - -diff --git a/aclocal.m4 b/aclocal.m4 -index 1f97dda..61ad660 100644 ---- a/aclocal.m4 -+++ b/aclocal.m4 -@@ -1039,6 +1039,8 @@ m4_include([gnulib/m4/rpmatch.m4]) - m4_include([gnulib/m4/same.m4]) - m4_include([gnulib/m4/save-cwd.m4]) - m4_include([gnulib/m4/savedir.m4]) -+m4_include([gnulib/m4/selinux-context-h.m4]) -+m4_include([gnulib/m4/selinux-selinux-h.m4]) - m4_include([gnulib/m4/setenv.m4]) - m4_include([gnulib/m4/ssize_t.m4]) - m4_include([gnulib/m4/st_dm_mode.m4]) -diff --git a/gnulib/lib/Makefile.am b/gnulib/lib/Makefile.am -index 59ed5f2..7f105a9 100644 ---- a/gnulib/lib/Makefile.am -+++ b/gnulib/lib/Makefile.am -@@ -1007,6 +1007,50 @@ EXTRA_libgnulib_a_SOURCES += savedir.c - - ## end gnulib module savedir - -+## begin gnulib module selinux-at -+ -+ -+EXTRA_DIST += selinux-at.c selinux-at.h -+ -+EXTRA_libgnulib_a_SOURCES += selinux-at.c -+ -+## end gnulib module selinux-at -+ -+## begin gnulib module selinux-h -+ -+libgnulib_a_SOURCES += se-context.in.h se-selinux.in.h -+ -+BUILT_SOURCES += selinux/selinux.h -+selinux/selinux.h: se-selinux.in.h -+ $(AM_V_at)$(MKDIR_P) selinux -+ $(AM_V_GEN)rm -f $@-t $@ && \ -+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \ -+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \ -+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \ -+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \ -+ -e 's|@''NEXT_SELINUX_SELINUX_H''@|$(NEXT_SELINUX_SELINUX_H)|g' \ -+ < $(srcdir)/se-selinux.in.h; \ -+ } > $@-t && \ -+ chmod a-x $@-t && \ -+ mv $@-t $@ -+MOSTLYCLEANFILES += selinux/selinux.h selinux/selinux.h-t -+ -+BUILT_SOURCES += $(SELINUX_CONTEXT_H) -+selinux/context.h: se-context.in.h -+ $(AM_V_at)$(MKDIR_P) selinux -+ $(AM_V_GEN)rm -f $@-t $@ && \ -+ cp $(srcdir)/se-context.in.h $@-t && \ -+ chmod a-x $@-t && \ -+ mv $@-t $@ -+MOSTLYCLEANFILES += selinux/context.h selinux/context.h-t -+MOSTLYCLEANDIRS += selinux -+ -+EXTRA_DIST += getfilecon.c -+ -+EXTRA_libgnulib_a_SOURCES += getfilecon.c -+ -+## end gnulib module selinux-h -+ - ## begin gnulib module setenv - - -diff --git a/gnulib/lib/at-func.c b/gnulib/lib/at-func.c -index c7963fe..73be401 100644 ---- a/gnulib/lib/at-func.c -+++ b/gnulib/lib/at-func.c -@@ -1,5 +1,5 @@ - /* Define an at-style functions like fstatat, unlinkat, fchownat, etc. -- Copyright (C) 2006 Free Software Foundation, Inc. -+ Copyright (C) 2006, 2009 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -16,62 +16,106 @@ - - /* written by Jim Meyering */ - --#define CALL_FUNC(F) \ -- (AT_FUNC_USE_F1_COND \ -+#include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */ -+#include "openat.h" -+#include "openat-priv.h" -+#include "save-cwd.h" -+ -+#ifdef AT_FUNC_USE_F1_COND -+# define CALL_FUNC(F) \ -+ (flag == AT_FUNC_USE_F1_COND \ - ? AT_FUNC_F1 (F AT_FUNC_POST_FILE_ARGS) \ - : AT_FUNC_F2 (F AT_FUNC_POST_FILE_ARGS)) -+# define VALIDATE_FLAG(F) \ -+ if (flag & ~AT_FUNC_USE_F1_COND) \ -+ { \ -+ errno = EINVAL; \ -+ return FUNC_FAIL; \ -+ } -+#else -+# define CALL_FUNC(F) (AT_FUNC_F1 (F AT_FUNC_POST_FILE_ARGS)) -+# define VALIDATE_FLAG(F) /* empty */ -+#endif -+ -+#ifdef AT_FUNC_RESULT -+# define FUNC_RESULT AT_FUNC_RESULT -+#else -+# define FUNC_RESULT int -+#endif -+ -+#ifdef AT_FUNC_FAIL -+# define FUNC_FAIL AT_FUNC_FAIL -+#else -+# define FUNC_FAIL -1 -+#endif - --/* Call AT_FUNC_F1 or AT_FUNC_F2 (testing AT_FUNC_USE_F1_COND to -- determine which) to operate on FILE, which is in the directory -- open on descriptor FD. If possible, do it without changing the -+/* Call AT_FUNC_F1 to operate on FILE, which is in the directory -+ open on descriptor FD. If AT_FUNC_USE_F1_COND is defined to a value, -+ AT_FUNC_POST_FILE_PARAM_DECLS must inlude a parameter named flag; -+ call AT_FUNC_F2 if FLAG is 0 or fail if FLAG contains more bits than -+ AT_FUNC_USE_F1_COND. Return int and fail with -1 unless AT_FUNC_RESULT -+ or AT_FUNC_FAIL are defined. If possible, do it without changing the - working directory. Otherwise, resort to using save_cwd/fchdir, - then AT_FUNC_F?/restore_cwd. If either the save_cwd or the restore_cwd - fails, then give a diagnostic and exit nonzero. */ --int -+FUNC_RESULT - AT_FUNC_NAME (int fd, char const *file AT_FUNC_POST_FILE_PARAM_DECLS) - { -+ /* Be careful to choose names unlikely to conflict with -+ AT_FUNC_POST_FILE_PARAM_DECLS. */ - struct saved_cwd saved_cwd; - int saved_errno; -- int err; -+ FUNC_RESULT err; -+ -+ VALIDATE_FLAG (flag); - - if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file)) - return CALL_FUNC (file); - - { -- char buf[OPENAT_BUFFER_SIZE]; -- char *proc_file = openat_proc_name (buf, fd, file); -+ char proc_buf[OPENAT_BUFFER_SIZE]; -+ char *proc_file = openat_proc_name (proc_buf, fd, file); - if (proc_file) - { -- int proc_result = CALL_FUNC (proc_file); -- int proc_errno = errno; -- if (proc_file != buf) -- free (proc_file); -- /* If the syscall succeeds, or if it fails with an unexpected -- errno value, then return right away. Otherwise, fall through -- and resort to using save_cwd/restore_cwd. */ -- if (0 <= proc_result) -- return proc_result; -- if (! EXPECTED_ERRNO (proc_errno)) -- { -- errno = proc_errno; -- return proc_result; -- } -+ FUNC_RESULT proc_result = CALL_FUNC (proc_file); -+ int proc_errno = errno; -+ if (proc_file != proc_buf) -+ free (proc_file); -+ /* If the syscall succeeds, or if it fails with an unexpected -+ errno value, then return right away. Otherwise, fall through -+ and resort to using save_cwd/restore_cwd. */ -+ if (FUNC_FAIL != proc_result) -+ return proc_result; -+ if (! EXPECTED_ERRNO (proc_errno)) -+ { -+ errno = proc_errno; -+ return proc_result; -+ } - } - } - - if (save_cwd (&saved_cwd) != 0) - openat_save_fail (errno); -+ if (0 <= fd && fd == saved_cwd.desc) -+ { -+ /* If saving the working directory collides with the user's -+ requested fd, then the user's fd must have been closed to -+ begin with. */ -+ free_cwd (&saved_cwd); -+ errno = EBADF; -+ return FUNC_FAIL; -+ } - - if (fchdir (fd) != 0) - { - saved_errno = errno; - free_cwd (&saved_cwd); - errno = saved_errno; -- return -1; -+ return FUNC_FAIL; - } - - err = CALL_FUNC (file); -- saved_errno = (err < 0 ? errno : 0); -+ saved_errno = (err == FUNC_FAIL ? errno : 0); - - if (restore_cwd (&saved_cwd) != 0) - openat_restore_fail (errno); -@@ -83,3 +127,5 @@ AT_FUNC_NAME (int fd, char const *file AT_FUNC_POST_FILE_PARAM_DECLS) - return err; - } - #undef CALL_FUNC -+#undef FUNC_RESULT -+#undef FUNC_FAIL -diff --git a/gnulib/lib/getfilecon.c b/gnulib/lib/getfilecon.c -new file mode 100644 -index 0000000..d712307 ---- /dev/null -+++ b/gnulib/lib/getfilecon.c -@@ -0,0 +1,87 @@ -+/* wrap getfilecon, lgetfilecon, and fgetfilecon -+ Copyright (C) 2009 Free Software Foundation, Inc. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3, or (at your option) -+ any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software Foundation, -+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -+ -+/* written by Jim Meyering */ -+ -+#include -+ -+#include -+ -+#include -+#include -+#include -+ -+/* FIXME: remove this once there is an errno-gnu module -+ that guarantees the definition of ENODATA. */ -+#ifndef ENODATA -+# define ENODATA ENOTSUP -+#endif -+ -+#undef getfilecon -+#undef lgetfilecon -+#undef fgetfilecon -+int getfilecon (char const *file, security_context_t *con); -+int lgetfilecon (char const *file, security_context_t *con); -+int fgetfilecon (int fd, security_context_t *con); -+ -+/* getfilecon, lgetfilecon, and fgetfilecon can all misbehave, be it -+ via an old version of libselinux where these would return 0 and set the -+ result context to NULL, or via a modern kernel+lib operating on a file -+ from a disk whose attributes were set by a kernel from around 2006. -+ In that latter case, the functions return a length of 10 for the -+ "unlabeled" context. Map both failures to a return value of -1, and -+ set errno to ENOTSUP in the first case, and ENODATA in the latter. */ -+ -+static inline int -+map_to_failure (int ret, security_context_t *con) -+{ -+ if (ret == 0) -+ { -+ errno = ENOTSUP; -+ return -1; -+ } -+ -+ if (ret == 10 && strcmp (*con, "unlabeled") == 0) -+ { -+ freecon (*con); -+ errno = ENODATA; -+ return -1; -+ } -+ -+ return ret; -+} -+ -+int -+rpl_getfilecon (char const *file, security_context_t *con) -+{ -+ int ret = getfilecon (file, con); -+ return map_to_failure (ret, con); -+} -+ -+int -+rpl_lgetfilecon (char const *file, security_context_t *con) -+{ -+ int ret = lgetfilecon (file, con); -+ return map_to_failure (ret, con); -+} -+ -+int -+rpl_fgetfilecon (int fd, security_context_t *con) -+{ -+ int ret = fgetfilecon (fd, con); -+ return map_to_failure (ret, con); -+} -diff --git a/gnulib/lib/openat.c b/gnulib/lib/openat.c -index 73f24b0..2b15bb5 100644 ---- a/gnulib/lib/openat.c -+++ b/gnulib/lib/openat.c -@@ -1,5 +1,5 @@ - /* provide a replacement openat function -- Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. -+ Copyright (C) 2004-2009 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -22,13 +22,108 @@ - - #include - #include -+#include -+#include - - #include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */ --#include "fcntl--.h" --#include "lstat.h" - #include "openat-priv.h" - #include "save-cwd.h" - -+#if HAVE_OPENAT -+ -+# undef openat -+ -+/* Like openat, but work around Solaris 9 bugs with trailing slash. */ -+int -+rpl_openat (int dfd, char const *filename, int flags, ...) -+{ -+ mode_t mode; -+ int fd; -+ -+ mode = 0; -+ if (flags & O_CREAT) -+ { -+ va_list arg; -+ va_start (arg, flags); -+ -+ /* We have to use PROMOTED_MODE_T instead of mode_t, otherwise GCC 4 -+ creates crashing code when 'mode_t' is smaller than 'int'. */ -+ mode = va_arg (arg, PROMOTED_MODE_T); -+ -+ va_end (arg); -+ } -+ -+#if OPEN_TRAILING_SLASH_BUG -+ /* If the filename ends in a slash and one of O_CREAT, O_WRONLY, O_RDWR -+ is specified, then fail. -+ Rationale: POSIX -+ says that -+ "A pathname that contains at least one non-slash character and that -+ ends with one or more trailing slashes shall be resolved as if a -+ single dot character ( '.' ) were appended to the pathname." -+ and -+ "The special filename dot shall refer to the directory specified by -+ its predecessor." -+ If the named file already exists as a directory, then -+ - if O_CREAT is specified, open() must fail because of the semantics -+ of O_CREAT, -+ - if O_WRONLY or O_RDWR is specified, open() must fail because POSIX -+ says that it -+ fails with errno = EISDIR in this case. -+ If the named file does not exist or does not name a directory, then -+ - if O_CREAT is specified, open() must fail since open() cannot create -+ directories, -+ - if O_WRONLY or O_RDWR is specified, open() must fail because the -+ file does not contain a '.' directory. */ -+ if (flags & (O_CREAT | O_WRONLY | O_RDWR)) -+ { -+ size_t len = strlen (filename); -+ if (len > 0 && filename[len - 1] == '/') -+ { -+ errno = EISDIR; -+ return -1; -+ } -+ } -+#endif -+ -+ fd = openat (dfd, filename, flags, mode); -+ -+#if OPEN_TRAILING_SLASH_BUG -+ /* If the filename ends in a slash and fd does not refer to a directory, -+ then fail. -+ Rationale: POSIX -+ says that -+ "A pathname that contains at least one non-slash character and that -+ ends with one or more trailing slashes shall be resolved as if a -+ single dot character ( '.' ) were appended to the pathname." -+ and -+ "The special filename dot shall refer to the directory specified by -+ its predecessor." -+ If the named file without the slash is not a directory, open() must fail -+ with ENOTDIR. */ -+ if (fd >= 0) -+ { -+ /* We know len is positive, since open did not fail with ENOENT. */ -+ size_t len = strlen (filename); -+ if (filename[len - 1] == '/') -+ { -+ struct stat statbuf; -+ -+ if (fstat (fd, &statbuf) >= 0 && !S_ISDIR (statbuf.st_mode)) -+ { -+ close (fd); -+ errno = ENOTDIR; -+ return -1; -+ } -+ } -+ } -+#endif -+ -+ return fd; -+} -+ -+#else /* !HAVE_OPENAT */ -+ - /* Replacement for Solaris' openat function. - - First, try to simulate it via open ("/proc/self/fd/FD/FILE"). -@@ -47,12 +142,9 @@ openat (int fd, char const *file, int flags, ...) - va_list arg; - va_start (arg, flags); - -- /* If mode_t is narrower than int, use the promoted type (int), -- not mode_t. Use sizeof to guess whether mode_t is narrower; -- we don't know of any practical counterexamples. */ -- mode = (sizeof (mode_t) < sizeof (int) -- ? va_arg (arg, int) -- : va_arg (arg, mode_t)); -+ /* We have to use PROMOTED_MODE_T instead of mode_t, otherwise GCC 4 -+ creates crashing code when 'mode_t' is smaller than 'int'. */ -+ mode = va_arg (arg, PROMOTED_MODE_T); - - va_end (arg); - } -@@ -73,7 +165,7 @@ openat (int fd, char const *file, int flags, ...) - - int - openat_permissive (int fd, char const *file, int flags, mode_t mode, -- int *cwd_errno) -+ int *cwd_errno) - { - struct saved_cwd saved_cwd; - int saved_errno; -@@ -88,18 +180,18 @@ openat_permissive (int fd, char const *file, int flags, mode_t mode, - char *proc_file = openat_proc_name (buf, fd, file); - if (proc_file) - { -- int open_result = open (proc_file, flags, mode); -- int open_errno = errno; -- if (proc_file != buf) -- free (proc_file); -- /* If the syscall succeeds, or if it fails with an unexpected -- errno value, then return right away. Otherwise, fall through -- and resort to using save_cwd/restore_cwd. */ -- if (0 <= open_result || ! EXPECTED_ERRNO (open_errno)) -- { -- errno = open_errno; -- return open_result; -- } -+ int open_result = open (proc_file, flags, mode); -+ int open_errno = errno; -+ if (proc_file != buf) -+ free (proc_file); -+ /* If the syscall succeeds, or if it fails with an unexpected -+ errno value, then return right away. Otherwise, fall through -+ and resort to using save_cwd/restore_cwd. */ -+ if (0 <= open_result || ! EXPECTED_ERRNO (open_errno)) -+ { -+ errno = open_errno; -+ return open_result; -+ } - } - } - -@@ -107,9 +199,18 @@ openat_permissive (int fd, char const *file, int flags, mode_t mode, - if (! save_ok) - { - if (! cwd_errno) -- openat_save_fail (errno); -+ openat_save_fail (errno); - *cwd_errno = errno; - } -+ if (0 <= fd && fd == saved_cwd.desc) -+ { -+ /* If saving the working directory collides with the user's -+ requested fd, then the user's fd must have been closed to -+ begin with. */ -+ free_cwd (&saved_cwd); -+ errno = EBADF; -+ return -1; -+ } - - err = fchdir (fd); - saved_errno = errno; -@@ -119,11 +220,17 @@ openat_permissive (int fd, char const *file, int flags, mode_t mode, - err = open (file, flags, mode); - saved_errno = errno; - if (save_ok && restore_cwd (&saved_cwd) != 0) -- { -- if (! cwd_errno) -- openat_restore_fail (errno); -- *cwd_errno = errno; -- } -+ { -+ if (! cwd_errno) -+ { -+ /* Don't write a message to just-created fd 2. */ -+ saved_errno = errno; -+ if (err == STDERR_FILENO) -+ close (err); -+ openat_restore_fail (saved_errno); -+ } -+ *cwd_errno = errno; -+ } - } - - free_cwd (&saved_cwd); -@@ -144,125 +251,15 @@ openat_needs_fchdir (void) - char buf[OPENAT_BUFFER_SIZE]; - char *proc_file = openat_proc_name (buf, fd, "."); - if (proc_file) -- { -- needs_fchdir = false; -- if (proc_file != buf) -- free (proc_file); -- } -+ { -+ needs_fchdir = false; -+ if (proc_file != buf) -+ free (proc_file); -+ } - close (fd); - } - - return needs_fchdir; - } - --#if !HAVE_FDOPENDIR -- --/* Replacement for Solaris' function by the same name. -- -- First, try to simulate it via opendir ("/proc/self/fd/FD"). Failing -- that, simulate it by doing save_cwd/fchdir/opendir(".")/restore_cwd. -- If either the save_cwd or the restore_cwd fails (relatively unlikely), -- then give a diagnostic and exit nonzero. -- Otherwise, this function works just like Solaris' fdopendir. -- -- W A R N I N G: -- Unlike the other fd-related functions here, this one -- effectively consumes its FD parameter. The caller should not -- close or otherwise manipulate FD if this function returns successfully. */ --DIR * --fdopendir (int fd) --{ -- struct saved_cwd saved_cwd; -- int saved_errno; -- DIR *dir; -- -- char buf[OPENAT_BUFFER_SIZE]; -- char *proc_file = openat_proc_name (buf, fd, "."); -- if (proc_file) -- { -- dir = opendir (proc_file); -- saved_errno = errno; -- } -- else -- { -- dir = NULL; -- saved_errno = EOPNOTSUPP; -- } -- -- /* If the syscall fails with an expected errno value, resort to -- save_cwd/restore_cwd. */ -- if (! dir && EXPECTED_ERRNO (saved_errno)) -- { -- if (save_cwd (&saved_cwd) != 0) -- openat_save_fail (errno); -- -- if (fchdir (fd) != 0) -- { -- dir = NULL; -- saved_errno = errno; -- } -- else -- { -- dir = opendir ("."); -- saved_errno = errno; -- -- if (restore_cwd (&saved_cwd) != 0) -- openat_restore_fail (errno); -- } -- -- free_cwd (&saved_cwd); -- } -- -- if (dir) -- close (fd); -- if (proc_file != buf) -- free (proc_file); -- errno = saved_errno; -- return dir; --} -- --#endif -- --/* Replacement for Solaris' function by the same name. -- -- First, try to simulate it via l?stat ("/proc/self/fd/FD/FILE"). -- Failing that, simulate it via save_cwd/fchdir/(stat|lstat)/restore_cwd. -- If either the save_cwd or the restore_cwd fails (relatively unlikely), -- then give a diagnostic and exit nonzero. -- Otherwise, this function works just like Solaris' fstatat. */ -- --#define AT_FUNC_NAME fstatat --#define AT_FUNC_F1 lstat --#define AT_FUNC_F2 stat --#define AT_FUNC_USE_F1_COND flag == AT_SYMLINK_NOFOLLOW --#define AT_FUNC_POST_FILE_PARAM_DECLS , struct stat *st, int flag --#define AT_FUNC_POST_FILE_ARGS , st --#include "at-func.c" --#undef AT_FUNC_NAME --#undef AT_FUNC_F1 --#undef AT_FUNC_F2 --#undef AT_FUNC_USE_F1_COND --#undef AT_FUNC_POST_FILE_PARAM_DECLS --#undef AT_FUNC_POST_FILE_ARGS -- --/* Replacement for Solaris' function by the same name. -- -- First, try to simulate it via (unlink|rmdir) ("/proc/self/fd/FD/FILE"). -- Failing that, simulate it via save_cwd/fchdir/(unlink|rmdir)/restore_cwd. -- If either the save_cwd or the restore_cwd fails (relatively unlikely), -- then give a diagnostic and exit nonzero. -- Otherwise, this function works just like Solaris' unlinkat. */ -- --#define AT_FUNC_NAME unlinkat --#define AT_FUNC_F1 rmdir --#define AT_FUNC_F2 unlink --#define AT_FUNC_USE_F1_COND flag == AT_REMOVEDIR --#define AT_FUNC_POST_FILE_PARAM_DECLS , int flag --#define AT_FUNC_POST_FILE_ARGS /* empty */ --#include "at-func.c" --#undef AT_FUNC_NAME --#undef AT_FUNC_F1 --#undef AT_FUNC_F2 --#undef AT_FUNC_USE_F1_COND --#undef AT_FUNC_POST_FILE_PARAM_DECLS --#undef AT_FUNC_POST_FILE_ARGS -+#endif /* !HAVE_OPENAT */ -diff --git a/gnulib/lib/openat.h b/gnulib/lib/openat.h -index b5e4f11..433b998 100644 ---- a/gnulib/lib/openat.h -+++ b/gnulib/lib/openat.h -@@ -1,5 +1,5 @@ - /* provide a replacement openat function -- Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. -+ Copyright (C) 2004-2006, 2008-2009 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -16,6 +16,9 @@ - - /* written by Jim Meyering */ - -+#ifndef _GL_HEADER_OPENAT -+#define _GL_HEADER_OPENAT -+ - #include - - #include -@@ -25,7 +28,7 @@ - #include - - #ifndef __attribute__ --# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__ -+# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) - # define __attribute__(x) /* empty */ - # endif - #endif -@@ -34,46 +37,10 @@ - # define ATTRIBUTE_NORETURN __attribute__ ((__noreturn__)) - #endif - --/* Work around a bug in Solaris 9 and 10: AT_FDCWD is positive. Its -- value exceeds INT_MAX, so its use as an int doesn't conform to the -- C standard, and GCC and Sun C complain in some cases. If the bug -- is present, undef AT_FDCWD here, so it can be redefined below. */ --#if 0 < AT_FDCWD && AT_FDCWD == 0xffd19553 --# undef AT_FDCWD --#endif -- --/* Use the same bit pattern as Solaris 9, but with the proper -- signedness. The bit pattern is important, in case this actually is -- Solaris with the above workaround. */ --#ifndef AT_FDCWD --# define AT_FDCWD (-3041965) --#endif -- --/* Use the same values as Solaris 9. This shouldn't matter, but -- there's no real reason to differ. */ --#ifndef AT_SYMLINK_NOFOLLOW --# define AT_SYMLINK_NOFOLLOW 4096 --# define AT_REMOVEDIR 1 --#endif -- --#ifdef __OPENAT_PREFIX -+#if !HAVE_OPENAT - --# undef openat --# define __OPENAT_CONCAT(x, y) x ## y --# define __OPENAT_XCONCAT(x, y) __OPENAT_CONCAT (x, y) --# define __OPENAT_ID(y) __OPENAT_XCONCAT (__OPENAT_PREFIX, y) --# define openat __OPENAT_ID (openat) --int openat (int fd, char const *file, int flags, /* mode_t mode */ ...); - int openat_permissive (int fd, char const *file, int flags, mode_t mode, - int *cwd_errno); --# if ! HAVE_FDOPENDIR --# define fdopendir __OPENAT_ID (fdopendir) --# endif --DIR *fdopendir (int fd); --# define fstatat __OPENAT_ID (fstatat) --int fstatat (int fd, char const *file, struct stat *st, int flag); --# define unlinkat __OPENAT_ID (unlinkat) --int unlinkat (int fd, char const *file, int flag); - bool openat_needs_fchdir (void); - - #else -@@ -84,19 +51,8 @@ bool openat_needs_fchdir (void); - - #endif - --#if HAVE_OPENAT && ! LSTAT_FOLLOWS_SLASHED_SYMLINK --int rpl_fstatat (int fd, char const *file, struct stat *st, int flag); --# if !COMPILING_FSTATAT --# undef fstatat --# define fstatat rpl_fstatat --# endif --#endif -- --int mkdirat (int fd, char const *file, mode_t mode); - void openat_restore_fail (int) ATTRIBUTE_NORETURN; - void openat_save_fail (int) ATTRIBUTE_NORETURN; --int fchmodat (int fd, char const *file, mode_t mode, int flag); --int fchownat (int fd, char const *file, uid_t owner, gid_t group, int flag); - - /* Using these function names makes application code - slightly more readable than it would be with -@@ -124,3 +80,35 @@ lchmodat (int fd, char const *file, mode_t mode) - { - return fchmodat (fd, file, mode, AT_SYMLINK_NOFOLLOW); - } -+ -+static inline int -+statat (int fd, char const *name, struct stat *st) -+{ -+ return fstatat (fd, name, st, 0); -+} -+ -+static inline int -+lstatat (int fd, char const *name, struct stat *st) -+{ -+ return fstatat (fd, name, st, AT_SYMLINK_NOFOLLOW); -+} -+ -+#if GNULIB_FACCESSAT -+/* For now, there are no wrappers named laccessat or leuidaccessat, -+ since gnulib doesn't support faccessat(,AT_SYMLINK_NOFOLLOW) and -+ since access rights on symlinks are of limited utility. */ -+ -+static inline int -+accessat (int fd, char const *file, int mode) -+{ -+ return faccessat (fd, file, mode, 0); -+} -+ -+static inline int -+euidaccessat (int fd, char const *file, int mode) -+{ -+ return faccessat (fd, file, mode, AT_EACCESS); -+} -+#endif -+ -+#endif /* _GL_HEADER_OPENAT */ -diff --git a/gnulib/lib/se-context.in.h b/gnulib/lib/se-context.in.h -new file mode 100644 -index 0000000..a34a7fb ---- /dev/null -+++ b/gnulib/lib/se-context.in.h -@@ -0,0 +1,34 @@ -+#ifndef SELINUX_CONTEXT_H -+# define SELINUX_CONTEXT_H -+ -+# include -+ -+#ifndef _GL_UNUSED_PARAMETER -+# if __GNUC__ >= 3 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7) -+# define _GL_UNUSED_PARAMETER __attribute__ ((__unused__)) -+# else -+# define _GL_UNUSED_PARAMETER -+# endif -+#endif -+ -+typedef int context_t; -+static inline context_t context_new (char const *s _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return 0; } -+static inline char *context_str (context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return (void *) 0; } -+static inline void context_free (context_t c _GL_UNUSED_PARAMETER) {} -+ -+static inline int context_user_set (context_t sc _GL_UNUSED_PARAMETER, -+ char const *s _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int context_role_set (context_t sc _GL_UNUSED_PARAMETER, -+ char const *s _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int context_range_set (context_t sc _GL_UNUSED_PARAMETER, -+ char const *s _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int context_type_set (context_t sc _GL_UNUSED_PARAMETER, -+ char const *s _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+ -+#endif -diff --git a/gnulib/lib/se-selinux.in.h b/gnulib/lib/se-selinux.in.h -new file mode 100644 -index 0000000..d683101 ---- /dev/null -+++ b/gnulib/lib/se-selinux.in.h -@@ -0,0 +1,103 @@ -+/* Replacement for platforms that lack it. -+ Copyright (C) 2008-2011 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . */ -+ -+#ifndef _GL_SELINUX_SELINUX_H -+# define _GL_SELINUX_SELINUX_H -+ -+# if __GNUC__ >= 3 -+@PRAGMA_SYSTEM_HEADER@ -+# endif -+@PRAGMA_COLUMNS@ -+ -+# if HAVE_SELINUX_SELINUX_H -+ -+#@INCLUDE_NEXT@ @NEXT_SELINUX_SELINUX_H@ -+ -+# else -+ -+# include -+# include -+ -+#ifndef _GL_UNUSED_PARAMETER -+# if __GNUC__ >= 3 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7) -+# define _GL_UNUSED_PARAMETER __attribute__ ((__unused__)) -+# else -+# define _GL_UNUSED_PARAMETER -+# endif -+#endif -+ -+# if !GNULIB_defined_security_types -+ -+typedef unsigned short security_class_t; -+# define security_context_t char* -+# define is_selinux_enabled() 0 -+ -+static inline int getcon (security_context_t *con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline void freecon (security_context_t con _GL_UNUSED_PARAMETER) {} -+ -+ -+static inline int getfscreatecon (security_context_t *con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int setfscreatecon (security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int matchpathcon (char const *file _GL_UNUSED_PARAMETER, -+ mode_t m _GL_UNUSED_PARAMETER, -+ security_context_t *con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int getfilecon (char const *file _GL_UNUSED_PARAMETER, -+ security_context_t *con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int lgetfilecon (char const *file _GL_UNUSED_PARAMETER, -+ security_context_t *con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int fgetfilecon (int fd, -+ security_context_t *con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int setfilecon (char const *file _GL_UNUSED_PARAMETER, -+ security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int lsetfilecon (char const *file _GL_UNUSED_PARAMETER, -+ security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int fsetfilecon (int fd _GL_UNUSED_PARAMETER, -+ security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+ -+static inline int security_check_context -+ (security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int security_check_context_raw -+ (security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int setexeccon (security_context_t con _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int security_compute_create -+ (security_context_t scon _GL_UNUSED_PARAMETER, -+ security_context_t tcon _GL_UNUSED_PARAMETER, -+ security_class_t tclass _GL_UNUSED_PARAMETER, -+ security_context_t *newcon _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+static inline int matchpathcon_init_prefix -+ (char const *path _GL_UNUSED_PARAMETER, -+ char const *prefix _GL_UNUSED_PARAMETER) -+ { errno = ENOTSUP; return -1; } -+ -+# define GNULIB_defined_security_types 1 -+# endif -+ -+# endif -+#endif /* _GL_SELINUX_SELINUX_H */ -diff --git a/gnulib/lib/selinux-at.c b/gnulib/lib/selinux-at.c -new file mode 100644 -index 0000000..65f938b ---- /dev/null -+++ b/gnulib/lib/selinux-at.c -@@ -0,0 +1,72 @@ -+/* openat-style fd-relative functions for SE Linux -+ Copyright (C) 2007, 2009 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation, either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . */ -+ -+/* written by Jim Meyering */ -+ -+#include -+ -+#include "selinux-at.h" -+#include "openat.h" -+ -+#include -+#include -+#include -+#include -+ -+#include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */ -+#include "save-cwd.h" -+ -+#include "openat-priv.h" -+ -+#define AT_FUNC_NAME getfileconat -+#define AT_FUNC_F1 getfilecon -+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con -+#define AT_FUNC_POST_FILE_ARGS , con -+#include "at-func.c" -+#undef AT_FUNC_NAME -+#undef AT_FUNC_F1 -+#undef AT_FUNC_POST_FILE_PARAM_DECLS -+#undef AT_FUNC_POST_FILE_ARGS -+ -+#define AT_FUNC_NAME lgetfileconat -+#define AT_FUNC_F1 lgetfilecon -+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con -+#define AT_FUNC_POST_FILE_ARGS , con -+#include "at-func.c" -+#undef AT_FUNC_NAME -+#undef AT_FUNC_F1 -+#undef AT_FUNC_POST_FILE_PARAM_DECLS -+#undef AT_FUNC_POST_FILE_ARGS -+ -+#define AT_FUNC_NAME setfileconat -+#define AT_FUNC_F1 setfilecon -+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con -+#define AT_FUNC_POST_FILE_ARGS , con -+#include "at-func.c" -+#undef AT_FUNC_NAME -+#undef AT_FUNC_F1 -+#undef AT_FUNC_POST_FILE_PARAM_DECLS -+#undef AT_FUNC_POST_FILE_ARGS -+ -+#define AT_FUNC_NAME lsetfileconat -+#define AT_FUNC_F1 lsetfilecon -+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con -+#define AT_FUNC_POST_FILE_ARGS , con -+#include "at-func.c" -+#undef AT_FUNC_NAME -+#undef AT_FUNC_F1 -+#undef AT_FUNC_POST_FILE_PARAM_DECLS -+#undef AT_FUNC_POST_FILE_ARGS -diff --git a/gnulib/lib/selinux-at.h b/gnulib/lib/selinux-at.h -new file mode 100644 -index 0000000..1d84c19 ---- /dev/null -+++ b/gnulib/lib/selinux-at.h -@@ -0,0 +1,52 @@ -+/* Prototypes for openat-style fd-relative SELinux functions -+ Copyright (C) 2007, 2009 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation, either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . */ -+ -+#include -+#include -+ -+/* These are the dir-fd-relative variants of the functions without the -+ "at" suffix. For example, getfileconat (AT_FDCWD, file, &c) is usually -+ equivalent to getfilecon (file, &c). The emulation is accomplished -+ by first attempting getfilecon ("/proc/self/fd/DIR_FD/FILE", &c). -+ Failing that, simulate it via save_cwd/fchdir/getfilecon/restore_cwd. -+ If either the save_cwd or the restore_cwd fails (relatively unlikely), -+ then give a diagnostic and exit nonzero. */ -+ -+/* dir-fd-relative getfilecon. Set *CON to the SELinux security context -+ of the file specified by DIR_FD and FILE and return the length of *CON. -+ DIR_FD and FILE are interpreted as for fstatat[*]. A non-NULL *CON -+ must be freed with freecon. Upon error, set *CON to NULL, set errno -+ and return -1. -+ [*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat */ -+int getfileconat (int dir_fd, char const *file, security_context_t *con); -+ -+/* dir-fd-relative lgetfilecon. This function is just like getfileconat, -+ except when DIR_FD and FILE specify a symlink: lgetfileconat operates on -+ the symlink, while getfileconat operates on the referent of the symlink. */ -+int lgetfileconat (int dir_fd, char const *file, security_context_t *con); -+ -+/* dir-fd-relative setfilecon. Set the SELinux security context of -+ the file specified by DIR_FD and FILE to CON. DIR_FD and FILE are -+ interpreted as for fstatat[*]. Upon success, return 0. -+ Otherwise, return -1 and set errno. */ -+int setfileconat (int dir_fd, char const *file, security_context_t con); -+ -+/* dir-fd-relative lsetfilecon. This function is just like setfileconat, -+ except that rather than dereferencing a symlink, this function affects it. */ -+/* dir-fd-relative lsetfilecon. This function is just like setfileconat, -+ except when DIR_FD and FILE specify a symlink: lsetfileconat operates on -+ the symlink, while setfileconat operates on the referent of the symlink. */ -+int lsetfileconat (int dir_fd, char const *file, security_context_t con); -diff --git a/gnulib/m4/gnulib-comp.m4 b/gnulib/m4/gnulib-comp.m4 -index 1efe223..87f11dd 100644 ---- a/gnulib/m4/gnulib-comp.m4 -+++ b/gnulib/m4/gnulib-comp.m4 -@@ -165,6 +165,11 @@ AC_DEFUN([gl_INIT], - gl_SAME - gl_SAVE_CWD - gl_SAVEDIR -+ AC_CHECK_HEADERS([selinux/flask.h]) -+ AC_LIBOBJ([selinux-at]) -+ gl_HEADERS_SELINUX_SELINUX_H -+ gl_HEADERS_SELINUX_CONTEXT_H -+ AC_REQUIRE([AC_C_INLINE]) - gl_FUNC_SETENV - gl_FUNC_UNSETENV - gt_TYPE_SSIZE_T -@@ -425,6 +430,7 @@ AC_DEFUN([gl_FILE_LIST], [ - lib/getdate.h - lib/getdate.y - lib/getdelim.c -+ lib/getfilecon.c - lib/getline.c - lib/getopt.c - lib/getopt.in.h -@@ -506,6 +512,10 @@ AC_DEFUN([gl_FILE_LIST], [ - lib/save-cwd.h - lib/savedir.c - lib/savedir.h -+ lib/se-context.in.h -+ lib/se-selinux.in.h -+ lib/selinux-at.c -+ lib/selinux-at.h - lib/setenv.c - lib/setenv.h - lib/stat-macros.h -@@ -688,6 +698,8 @@ AC_DEFUN([gl_FILE_LIST], [ - m4/same.m4 - m4/save-cwd.m4 - m4/savedir.m4 -+ m4/selinux-context-h.m4 -+ m4/selinux-selinux-h.m4 - m4/setenv.m4 - m4/size_max.m4 - m4/ssize_t.m4 -diff --git a/gnulib/m4/include_next.m4 b/gnulib/m4/include_next.m4 -index 7ce472b..79edd7c 100644 ---- a/gnulib/m4/include_next.m4 -+++ b/gnulib/m4/include_next.m4 -@@ -36,18 +36,35 @@ EOF - CPPFLAGS="$save_CPPFLAGS" - rm -rf conftestd1 conftestd2 - ]) -+ PRAGMA_SYSTEM_HEADER= - if test $gl_cv_have_include_next = yes; then -- -- dnl FIXME: Remove HAVE_INCLUDE_NEXT and update everything that uses it -- dnl to use @INCLUDE_NEXT@ instead. -- AC_DEFINE([HAVE_INCLUDE_NEXT], 1, -- [Define if your compiler supports the #include_next directive.]) -- - INCLUDE_NEXT=include_next -+ if test -n "$GCC"; then -+ PRAGMA_SYSTEM_HEADER='#pragma GCC system_header' -+ fi - else - INCLUDE_NEXT=include - fi - AC_SUBST([INCLUDE_NEXT]) -+ AC_SUBST([PRAGMA_SYSTEM_HEADER]) -+ AC_CACHE_CHECK([whether system header files limit the line length], -+ [gl_cv_pragma_columns], -+ [dnl HP NonStop systems, which define __TANDEM, have this misfeature. -+ AC_EGREP_CPP([choke me], -+ [ -+#ifdef __TANDEM -+choke me -+#endif -+ ], -+ [gl_cv_pragma_columns=yes], -+ [gl_cv_pragma_columns=no]) -+ ]) -+ if test $gl_cv_pragma_columns = yes; then -+ PRAGMA_COLUMNS="#pragma COLUMNS 10000" -+ else -+ PRAGMA_COLUMNS= -+ fi -+ AC_SUBST([PRAGMA_COLUMNS]) - ]) - - # gl_CHECK_NEXT_HEADERS(HEADER1 HEADER2 ...) -diff --git a/gnulib/m4/selinux-context-h.m4 b/gnulib/m4/selinux-context-h.m4 -new file mode 100644 -index 0000000..6b0bed1 ---- /dev/null -+++ b/gnulib/m4/selinux-context-h.m4 -@@ -0,0 +1,16 @@ -+# serial 1 -*- Autoconf -*- -+# Copyright (C) 2006, 2007 Free Software Foundation, Inc. -+# This file is free software; the Free Software Foundation -+# gives unlimited permission to copy and/or distribute it, -+# with or without modifications, as long as this notice is preserved. -+ -+# From Jim Meyering -+# Provide , if necessary. -+ -+AC_DEFUN([gl_HEADERS_SELINUX_CONTEXT_H], -+[ -+ AC_CHECK_HEADERS([selinux/context.h], -+ [SELINUX_CONTEXT_H=], -+ [SELINUX_CONTEXT_H=selinux/context.h]) -+ AC_SUBST([SELINUX_CONTEXT_H]) -+]) -diff --git a/gnulib/m4/selinux-selinux-h.m4 b/gnulib/m4/selinux-selinux-h.m4 -new file mode 100644 -index 0000000..767c4f7 ---- /dev/null -+++ b/gnulib/m4/selinux-selinux-h.m4 -@@ -0,0 +1,57 @@ -+# serial 3 -*- Autoconf -*- -+# Copyright (C) 2006, 2007, 2009 Free Software Foundation, Inc. -+# This file is free software; the Free Software Foundation -+# gives unlimited permission to copy and/or distribute it, -+# with or without modifications, as long as this notice is preserved. -+ -+# From Jim Meyering -+# Provide , if necessary. -+# If it is already present, provide wrapper functions to guard against -+# misbehavior from getfilecon, lgetfilecon, and fgetfilecon. -+ -+AC_DEFUN([gl_HEADERS_SELINUX_SELINUX_H], -+[ -+ AC_REQUIRE([gl_LIBSELINUX]) -+ AC_CHECK_HEADERS([selinux/selinux.h]) -+ -+ if test "$ac_cv_header_selinux_selinux_h" = yes; then -+ # We do have , so do compile getfilecon.c -+ # and arrange to use its wrappers. -+ AC_LIBOBJ([getfilecon]) -+ gl_CHECK_NEXT_HEADERS([selinux/selinux.h]) -+ AC_DEFINE([getfilecon], [rpl_getfilecon], -+ [Always use our getfilecon wrapper.]) -+ AC_DEFINE([lgetfilecon], [rpl_lgetfilecon], -+ [Always use our lgetfilecon wrapper.]) -+ AC_DEFINE([fgetfilecon], [rpl_fgetfilecon], -+ [Always use our fgetfilecon wrapper.]) -+ fi -+ -+ case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in -+ no:*) # already warned -+ ;; -+ *:no) -+ AC_MSG_WARN([libselinux was found but selinux/selinux.h is missing.]) -+ AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux support.]) -+ esac -+]) -+ -+AC_DEFUN([gl_LIBSELINUX], -+[ -+ AC_REQUIRE([AC_CANONICAL_HOST]) -+ AC_REQUIRE([AC_CANONICAL_BUILD]) -+ LIB_SELINUX= -+ gl_save_LIBS=$LIBS -+ AC_SEARCH_LIBS([setfilecon], [selinux], -+ [test "$ac_cv_search_setfilecon" = "none required" || -+ LIB_SELINUX=$ac_cv_search_setfilecon]) -+ AC_SUBST([LIB_SELINUX]) -+ LIBS=$gl_save_LIBS -+ -+ # Warn if SELinux is found but libselinux is absent; -+ if test "$ac_cv_search_setfilecon" = no && -+ test "$host" = "$build" && test -d /selinux; then -+ AC_MSG_WARN([This system supports SELinux but libselinux is missing.]) -+ AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux support.]) -+ fi -+]) --- -1.7.9.6 - diff --git a/recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-supplemental.patch b/recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-supplemental.patch new file mode 100644 index 0000000..f4db6ac --- /dev/null +++ b/recipes-extended/findutils/findutils-4.4.2/findutils-with-selinux-supplemental.patch @@ -0,0 +1,32 @@ +Subject: [PATCH] Fetch support for selinux in gnulib + +This eliminates the need for the following patch: +findutils: support selinux and gnulib + +This is done by fetching the latest gnulib updates +up to the point where the selinux-at module was +introduced from coreutils. + +Upstream-Status: Backport + +diff --git a/import-gnulib.config b/import-gnulib.config +index f2e8998..fa24d99 100644 +--- a/import-gnulib.config ++++ b/import-gnulib.config +@@ -1,7 +1,8 @@ + # findutils gnulib.config -*- sh -*- + + # What version of gnulib to use? +-gnulib_version="e5573b1bad88bfabcda181b9e0125fb0c52b7d3b" ++gnulib_version="7dfa1250265017223e36c72713a7521421b4d27c" + destdir="gnulib" + + # Random extra gnulib files needed for findutils. +@@ -68,6 +69,7 @@ realloc + regex + rpmatch + savedir ++selinux-at + stat-macros + stat-time + stpcpy diff --git a/recipes-extended/findutils/findutils_4.4.2.bbappend b/recipes-extended/findutils/findutils_4.4.2.bbappend index eb94cfa..5488839 100644 --- a/recipes-extended/findutils/findutils_4.4.2.bbappend +++ b/recipes-extended/findutils/findutils_4.4.2.bbappend @@ -1,10 +1,17 @@ -PR .= ".2" +PR .= ".3" FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:" +SRC_URI += "git://git.yoctogit.savannah.gnu.org/gnulib.git" SRC_URI += "file://findutils-with-selinux.patch" -SRC_URI += "file://findutils-with-selinux-gnulib.patch" +SRC_URI += "file://findutils-with-selinux-supplemental.patch" +SRCREV = "7dfa1250265017223e36c72713a7521421b4d27c" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}" EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'selinux', '--with-selinux', '--without-selinux', d)}" + +#Make sure we call import-gnulib to reflect on the new changes to its config. +do_configure_prepend () { + ${S}/import-gnulib.sh +} -- cgit v1.2.3-54-g00ecf