On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> Hello again.
>
> The security risk associated with the linkage of an old libsepol.a
> static library is low due to the fact that the tools are usually built
> from each component separately after all the libraries have been
> previously built and installed.
>
> On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > should do so on a system which hasn't got it already installed (or make
> > > sure you get temporarily rid of
> > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> >
> > I know it is presently broken, but not sure exactly when/who broke it.
> > However, as a working example:
> > $ git clean -fdx
> > $ rm -rf ~/out
> > $ git checkout master@{"16 months ago"}
> > $ make DESTDIR=~/out
> >
> > works just fine for me.
>
> ...
> make -C src
> make[2]: Entering directory
> `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn
> -Wmissing-format-attribute -I../include -I/opt/out/usr/include
> -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o load_policy.o load_policy.c
> load_policy.c:14:25: fatal error: sepol/sepol.h: No such file or
> directory
> compilation terminated.
> make[2]: *** [load_policy.o] Error 1
> make[2]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> make[1]: *** [all] Error 2
> make[1]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux'
> make: *** [all] Error 1
>
> The above is what I get. And there is probably more behind that...
>
> The problem is due to the fact that before "make install" is issued,
> nothing usually exists under DESTDIR whatever DESTDIR is.
>
> So includes from DESTDIR are getting included but unfortunately they are
> not there (yet). Until you have temporarily removed DESTDIR, you won't
> be able to reproduce it.
I did remove it - look again at my message and see the rm -rf ~/out.
I also removed the system headers and libraries via yum. Here we go
again:
$ ls ~/out
ls: cannot access /home/sds/out: No such file or directory
$ ls /usr/include/selinux
ls: cannot access /usr/include/selinux: No such file or directory
$ ls /usr/include/sepol
ls: cannot access /usr/include/sepol: No such file or directory
$ make DESTDIR=~/out > out
<completes successfully>
$ ls ~/out/lib/
libselinux.so.1 libsepol.so.1
$ ls ~/out/usr/include/
selinux semanage sepol
$ ls ~/out/usr/lib
libselinux.a libsemanage.a libsemanage.so.1 libsepol.so python2.7
libselinux.so libsemanage.so libsepol.a pkgconfig
See, from nothing to a complete build. I can't explain it any more
clearly, so I'm stopping this thread here.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
