On Mon, Dec 19, 2016 at 8:35 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Mon, Dec 19, 2016 at 9:24 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> On Sun, 2016-12-18 at 21:06 +0100, Nicolas Iooss wrote: >>> Hello, >>> This patch made the compiler I am using to build the kernel (clang) >>> report two new warnings when building >>> scripts/selinux/genheaders/genheaders.c and >>> scripts/selinux/mdp/mdp.c: >>> >>> 'CAP_LAST_CAP' is not defined, evaluates to 0 [-Wundef] >>> 'CAP_AUDIT_READ' is not defined, evaluates to 0 [-Wundef] >>> >>> Even though this is not detected by gcc, it seems like a bug to >>> compare >>> undefined values. There is no issue where classmap.h is included from >>> security/selinux/avc.c because include/uapi/linux/capability.h got >>> included too. >>> >>> I see two ways of fixing these warnings: either by defining the >>> capability values in genheaders and mdp by adding #include >>> <linux/capability.h>, or by adding "defined(__KERNEL__) &&" before >>> the >>> test so that it is only processed from kernel code (avc.c). How would >>> you like this to be fixed? >> >> I suppose we ought to #include <uapi/linux/capability.h> in classmap.h. > > Yep. Unless one of you wants to beat me to it, I'll put a quick patch > together tomorrow. See the patch I just posted to the list. It turns out it wasn't quite that easy due to conflicts between the kernel and system among the various nested includes, but I think the posted patch should solve everything, if not please let me know. If I don't hear anything, I'll push this up to James later this week (tomorrow?) for inclusion into v4.10. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
