On Fri, Sep 6, 2024 at 2:37 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Fri, Sep 6, 2024 at 1:29 PM Masahiro Yamada <masahiroy@xxxxxxxxxx> wrote:
> >
> > The header, security/selinux/include/classmap.h, is included not only
> > from kernel space but also from host programs.
> >
> > It includes <linux/capability.h> and <linux/socket.h>, which pull in
> > more <linux/*.h> headers. This makes the host programs less portable,
> > specifically causing build errors on macOS.
> >
> > Those headers are included for the following purposes:
> >
> > - <linux/capability.h> for checking CAP_LAST_CAP
> > - <linux/socket.h> for checking PF_MAX
> >
> > These checks can be guarded by __KERNEL__ so they are skipped when
> > building host programs. Testing them when building the kernel should
> > be sufficient.
> >
> > The header, security/selinux/include/initial_sid_to_string.h, includes
> > <linux/stddef.h> for the NULL definition, but this is not portable
> > either. Instead, <stddef.h> should be included for host programs.
> >
> > Reported-by: Daniel Gomez <da.gomez@xxxxxxxxxxx>
> > Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-6-4cd1ded85694@xxxxxxxxxxx/
> > Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-7-4cd1ded85694@xxxxxxxxxxx/
> > Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx>
> > ---
> >
> > Changes in v2:
> > - Reword the commit description
> > - Keep the location of CAP_LAST_CAP
> > - Include <stddef.h> for host programs
> >
> > scripts/selinux/genheaders/Makefile | 4 +---
> > scripts/selinux/genheaders/genheaders.c | 3 ---
> > scripts/selinux/mdp/Makefile | 2 +-
> > scripts/selinux/mdp/mdp.c | 4 ----
> > security/selinux/include/classmap.h | 11 ++++++++---
> > security/selinux/include/initial_sid_to_string.h | 4 ++++
> > 6 files changed, 14 insertions(+), 14 deletions(-)
>
> This looks much better, thank you. We're currently at -rc6 which is
> later than I would like to merge patches like this (I try to stick to
> bug fixes or trivial changes at this point in the development cycle),
> so I'm going to hold on to this until after the upcoming merge window
> where I'll merge it into selinux/dev. See the below doc for more
> information on how the SELinux tree is managed:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/tree/README.md

I just merged this into selinux/dev, you should see it reflected in
the kernel.org shortly.

-- 
paul-moore.com