Re: [PATCH v2 1/2] selinux: do not include <linux/*.h> headers from host programs

On Fri, Sep 6, 2024 at 1:29 PM Masahiro Yamada <masahiroy@xxxxxxxxxx> wrote:
>
> The header, security/selinux/include/classmap.h, is included not only
> from kernel space but also from host programs.
>
> It includes <linux/capability.h> and <linux/socket.h>, which pull in
> more <linux/*.h> headers. This makes the host programs less portable,
> specifically causing build errors on macOS.
>
> Those headers are included for the following purposes:
>
>  - <linux/capability.h> for checking CAP_LAST_CAP
>  - <linux/socket.h> for checking PF_MAX
>
> These checks can be guarded by __KERNEL__ so they are skipped when
> building host programs. Testing them when building the kernel should
> be sufficient.
>
> The header, security/selinux/include/initial_sid_to_string.h, includes
> <linux/stddef.h> for the NULL definition, but this is not portable
> either. Instead, <stddef.h> should be included for host programs.
>
> Reported-by: Daniel Gomez <da.gomez@xxxxxxxxxxx>
> Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-6-4cd1ded85694@xxxxxxxxxxx/
> Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-7-4cd1ded85694@xxxxxxxxxxx/
> Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx>
> ---
>
> Changes in v2:
>   - Reword the commit description
>   - Keep the location of CAP_LAST_CAP
>   - Include <stddef.h> for host programs
>
>  scripts/selinux/genheaders/Makefile              |  4 +---
>  scripts/selinux/genheaders/genheaders.c          |  3 ---
>  scripts/selinux/mdp/Makefile                     |  2 +-
>  scripts/selinux/mdp/mdp.c                        |  4 ----
>  security/selinux/include/classmap.h              | 11 ++++++++---
>  security/selinux/include/initial_sid_to_string.h |  4 ++++
>  6 files changed, 14 insertions(+), 14 deletions(-)

This looks much better, thank you.  We're currently at -rc6 which is
later than I would like to merge patches like this (I try to stick to
bug fixes or trivial changes at this point in the development cycle),
so I'm going to hold on to this until after the upcoming merge window
where I'll merge it into selinux/dev.  See the below doc for more
information on how the SELinux tree is managed:

https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/tree/README.md

-- 
paul-moore.com




