On Wed, Feb 28, 2024 at 10:20:22AM +0100, Petr Lautrbach wrote: > Steve Langasek <vorlon@xxxxxxxxxx> writes: > > Since all of your comments have been about the mechanics of the patch > > landing, am I able to take it as agreed that libselinux will add a new entry > > point of matchpathcon_filespec_add64@LIBSELINUX_3.6 in the next release, and > > the rest is details? > Technical detail: next release will be 3.7 therefore I'd expect > matchpathcon_filespec_add64@LIBSELINUX_3.7 Ok, patch updated. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@xxxxxxxxxx vorlon@xxxxxxxxxx
From 8f137ba1da9caadc4fafe4dc7c16b6a0e51eeb80 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@xxxxxxxxxxxxx>
Date: Thu, 15 Feb 2024 15:22:45 -0800
Subject: [PATCH] Always build for LFS mode on 32-bit archs.
Maintains the type signature of the existing matchpathcon_filespec_add()
entry point on 32-bit archs but maps the API to a new
matchpathcon_filespec_add64() entry point that takes a 64-bit ino_t argument
instead.
Software on 32-bit Linux ports which historically use a 32-bit time_t (thus
affected by the y2038 problem) have, as a precondition of migrating to
64-bit time_t, that they also migrate to large filesystem support because
glibc does not provide entry points for the cross-product of
(LFS: yes, LFS: no) x (time_t: 32, time_t: 64).
In order to support smooth migration of such operating systems from 32-bit
time_t to 64-bit time_t, it is useful for libselinux to:
- provide entry points on 32-bit systems for both LFS and non-LFS variants
of the API (as glibc itself does)
- use LFS internally for all filesystem calls (just in case)
- map the API call to the correct implementation based on the build
environment of the caller.
Signed-off-by: Steve Langasek <steve.langasek@xxxxxxxxxxxxx>
---
libselinux/Makefile | 6 ++++++
libselinux/include/selinux/selinux.h | 5 +++++
libselinux/src/Makefile | 2 ++
libselinux/src/libselinux.map | 5 +++++
libselinux/src/matchpathcon.c | 16 ++++++++++++++++
libselinux/utils/Makefile | 2 ++
6 files changed, 36 insertions(+)
diff --git a/libselinux/Makefile b/libselinux/Makefile
index 6d9e2736..a50b6491 100644
--- a/libselinux/Makefile
+++ b/libselinux/Makefile
@@ -34,6 +34,12 @@ PCRE_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE))
PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE))
export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS
+USE_LFS ?= y
+ifeq ($(USE_LFS),y)
+ LFS_CFLAGS := -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
+endif
+export LFS_CFLAGS
+
OS := $(shell uname)
export OS
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index a0948853..080b486c 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -1,8 +1,10 @@
#ifndef _SELINUX_H_
#define _SELINUX_H_
+#include <stdint.h>
#include <sys/types.h>
#include <stdarg.h>
+#include <asm/bitsperlong.h>
#ifdef __cplusplus
extern "C" {
@@ -521,6 +523,9 @@ extern int matchpathcon_index(const char *path,
with the same inode (e.g. due to multiple hard links). If so, then
use the latter of the two specifications based on their order in the
file contexts configuration. Return the used specification index. */
+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
+#define matchpathcon_filespec_add matchpathcon_filespec_add64
+#endif
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
/* Destroy any inode associations that have been added, e.g. to restart
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index d3b981fc..9580cce8 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -89,6 +89,8 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-Werror -Wno-aggregate-return \
$(EXTRA_CFLAGS)
+override CFLAGS += $(LFS_CFLAGS)
+
LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=libselinux.map,-z,defs,-z,relro
ifeq ($(OS), Darwin)
diff --git a/libselinux/src/libselinux.map b/libselinux/src/libselinux.map
index 5e00f45b..030d978e 100644
--- a/libselinux/src/libselinux.map
+++ b/libselinux/src/libselinux.map
@@ -252,3 +252,8 @@ LIBSELINUX_3.5 {
getpidprevcon;
getpidprevcon_raw;
} LIBSELINUX_3.4;
+
+LIBSELINUX_3.7 {
+ global:
+ matchpathcon_filespec_add64;
+} LIBSELINUX_3.5;
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index e44734c3..f8ee4b4b 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -261,6 +261,22 @@ int matchpathcon_filespec_add(ino_t ino, int specind, const char *file)
return -1;
}
+#if _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
+/* alias defined in the public header but we undefine it here */
+#undef matchpathcon_filespec_add
+
+/* ABI backwards-compatible shim for non-LFS 32-bit systems */
+
+extern int matchpathcon_filespec_add(unsigned long ino, int specind,
+ const char *file);
+
+int matchpathcon_filespec_add(unsigned long ino, int specind,
+ const char *file)
+{
+ return matchpathcon_filespec_add64(ino, specind, file);
+}
+#endif
+
/*
* Evaluate the association hash table distribution.
*/
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index f3cedc11..0d7095b1 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -36,6 +36,8 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-Werror -Wno-aggregate-return -Wno-redundant-decls -Wstrict-overflow=5 \
$(EXTRA_CFLAGS)
+override CFLAGS += $(LFS_CFLAGS)
+
ifeq ($(OS), Darwin)
override CFLAGS += -I/opt/local/include -I../../libsepol/include
override LDFLAGS += -L../../libsepol/src -undefined dynamic_lookup
--
2.43.0
Attachment:
signature.asc
Description: PGP signature
