On Tue, 2016-12-20 at 14:01 -0500, Paul Moore wrote: > On Tue, Dec 20, 2016 at 12:58 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> > wrote: > > > > On Tue, 2016-12-20 at 12:45 -0500, Paul Moore wrote: > > > > > > From: Paul Moore <paul@xxxxxxxxxxxxxx> > > > > > > Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new > > > capability > > > definitions") added a check on the defined capabilities without > > > explicitly including the capability header file which caused > > > problems > > > when building genheaders for users of clang/llvm. Resolve this > > > by > > > using the kernel headers when building genheaders, which is > > > arguably > > > the right thing to do regardless, and explicitly including the > > > kernel's capability.h header file in classmap.h. > > > > > > Reported-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> > > > --- > > > scripts/selinux/genheaders/Makefile | 4 +++- > > > scripts/selinux/genheaders/genheaders.c | 4 ++++ > > > security/selinux/include/classmap.h | 2 ++ > > > 3 files changed, 9 insertions(+), 1 deletion(-) > > > > > > diff --git a/scripts/selinux/genheaders/Makefile > > > b/scripts/selinux/genheaders/Makefile > > > index 1d1ac51359e3..6fc2b8789a0b 100644 > > > --- a/scripts/selinux/genheaders/Makefile > > > +++ b/scripts/selinux/genheaders/Makefile > > > @@ -1,4 +1,6 @@ > > > hostprogs-y := genheaders > > > -HOST_EXTRACFLAGS += -Isecurity/selinux/include > > > +HOST_EXTRACFLAGS += \ > > > + -I$(srctree)/include/uapi -I$(srctree)/include \ > > > + -I$(srctree)/security/selinux/include > > > > > > always := $(hostprogs-y) > > > diff --git a/scripts/selinux/genheaders/genheaders.c > > > b/scripts/selinux/genheaders/genheaders.c > > > index 539855ff31f9..f4dd41f900d5 100644 > > > --- a/scripts/selinux/genheaders/genheaders.c > > > +++ b/scripts/selinux/genheaders/genheaders.c 
> > > @@ -1,3 +1,7 @@ > > > + > > > +/* NOTE: we really do want to use the kernel headers here */ > > > +#define __EXPORTED_HEADERS__ > > > + > > > #include <stdio.h> > > > #include <stdlib.h> > > > #include <unistd.h> > > > diff --git a/security/selinux/include/classmap.h > > > b/security/selinux/include/classmap.h > > > index e2d4ad3a4b4c..13ae49b0baa0 100644 > > > --- a/security/selinux/include/classmap.h > > > +++ b/security/selinux/include/classmap.h > > > @@ -1,3 +1,5 @@ > > > +#include <linux/capability.h> > > > > I think we only need uapi/linux/capability.h, not the kernel- > > private > > definitions. > > Pulling in only uapi/linux/capability.h resulted in numerous > conflicts > between the system and kernel-private includes. Some of these > conflicts can be resolved by pre-defining a number of preprocessor > macros, but the patch was starting to look very hackish and it wasn't > clear to me that it would be possible to resolve all of the > conflicts. > > I am open to other suggestions so long as they solve the problem > Nicolas reported. Ok, that's fine then. I was just trying to minimize what gets pulled in by classmap.h, but if it creates more complication, it isn't worth it.
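
Review bot: In the scripts/selinux/genheaders/Makefile hunk, the new HOST_EXTRACFLAGS puts `-I$(srctree)/include/uapi` and `-I$(srctree)/include` on the host compiler's search path but no arch or generated include directory, so any `<asm/...>` header reached through the kernel headers would resolve to the build host's copy and mix the two header trees. Please confirm that this combination builds on a host whose installed headers differ from the tree, or state in the commit message why it is safe. The switch from the relative `-Isecurity/selinux/include` to a `$(srctree)` path is a separate behaviour change and also deserves a line in the commit message.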
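
Review bot: In the scripts/selinux/genheaders/genheaders.c hunk, the comment above `#define __EXPORTED_HEADERS__` says that the kernel headers are wanted but not what the define does; a reader has to know already that it suppresses the uapi headers' warning about using kernel headers from user space. Suggest saying that in the comment, and dropping the empty `+` line that the hunk adds as the new first line of the file.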
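
Review bot: In the security/selinux/include/classmap.h hunk, `#include <linux/capability.h>` at the top of the header makes every file that includes classmap.h depend on the kernel include paths, yet the diffstat only updates the build flags for genheaders. Any other host program that includes classmap.h would need the same `-I` flags and the `__EXPORTED_HEADERS__` define; please check for such users and cover them in this patch. A short comment next to the include saying that it is there for the check on the defined capabilities would also help.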