[PATCH] Fix build compat with older libselinux for LXC

"Daniel P. Berrange" <berrange@xxxxxxxxxx> · Wed, 16 May 2012 14:20:44 +0100

From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Most versions of libselinux do not contain the function
selinux_lxc_contexts_path() that the security driver
recently started using for LXC. We must add a conditional
check for it in configure and then disable the LXC security
driver for builds where libselinux lacks this function.

NB although this qualifies as a build breaker fix, I'm
   not pushing until it has had review

* configure.ac: Check for selinux_lxc_contexts_path
* src/security/security_selinux.c: Disable LXC security
  if selinux_lxc_contexts_path() is missing
---
 configure.ac                    |    1 +
 src/security/security_selinux.c |   19 ++++++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9c356c9..d666736 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1360,6 +1360,7 @@ else
   fail=0
   AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
   AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
+  AC_CHECK_FUNCS([selinux_lxc_contexts_path])
   CFLAGS="$old_cflags"
   LIBS="$old_libs"
 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b0bb0a0..2b8ff19 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -127,6 +127,7 @@ err:
 }
 
 
+#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static int
 SELinuxLXCInitialize(virSecurityManagerPtr mgr)
 {
@@ -189,6 +190,15 @@ error:
     VIR_FREE(data->content_context);
     return -1;
 }
+#else
+static int
+SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+{
+    virReportSystemError(ENOSYS, "%s",
+                         _("libselinux does not support LXC contexts path"));
+    return -1;
+}
+#endif
 
 
 static int
@@ -443,9 +453,12 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
     if (!is_selinux_enabled())
         return SECURITY_DRIVER_DISABLE;
 
-    if (virtDriver && STREQ(virtDriver, "LXC") &&
-        !virFileExists(selinux_lxc_contexts_path()))
-        return SECURITY_DRIVER_DISABLE;
+    if (virtDriver && STREQ(virtDriver, "LXC")) {
+#if HAVE_SELINUX_LXC_CONTEXTS_PATH
+        if (!virFileExists(selinux_lxc_contexts_path()))
+#endif
+            return SECURITY_DRIVER_DISABLE;
+    }
 
     return SECURITY_DRIVER_ENABLE;
 }
-- 
1.7.7.6

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





