Re: selinux: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared

Thiébaud Weksteen <tweek@xxxxxxxxxx> · Wed, 8 Jan 2025 21:31:15 +1100

On Wed, Jan 8, 2025 at 7:28 PM Sebastian Andrzej Siewior
<bigeasy@xxxxxxxxxxxxx> wrote:
>
> Hi,
>
> since commit d1d991efaf346 ("selinux: Add netlink xperm support") I can't
> compile a defconfig:
>
> | $ make defconfig
> | $ make security/selinux/nlmsgtab.o
> …
> |   CC      security/selinux/nlmsgtab.o
> | security/selinux/nlmsgtab.c: In function ‘selinux_nlmsg_lookup’:
> | security/selinux/nlmsgtab.c:188:33: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared (first use in this function); did you mean ‘NETLINK_ROUTE_SOCKET__LOCK’?
> |   188 |                         *perm = NETLINK_ROUTE_SOCKET__NLMSG;
> |       |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> |       |                                 NETLINK_ROUTE_SOCKET__LOCK
> | security/selinux/nlmsgtab.c:188:33: note: each undeclared identifier is reported only once for each function it appears in
> | security/selinux/nlmsgtab.c:196:33: error: ‘NETLINK_TCPDIAG_SOCKET__NLMSG’ undeclared (first use in this function); did you mean ‘NETLINK_TCPDIAG_SOCKET__MAP’?
> |   196 |                         *perm = NETLINK_TCPDIAG_SOCKET__NLMSG;
> |       |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> |       |                                 NETLINK_TCPDIAG_SOCKET__MAP
> | security/selinux/nlmsgtab.c:210:33: error: ‘NETLINK_XFRM_SOCKET__NLMSG’ undeclared (first use in this function); did you mean ‘NETLINK_XFRM_SOCKET__MAP’?
> |   210 |                         *perm = NETLINK_XFRM_SOCKET__NLMSG;
> |       |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
> |       |                                 NETLINK_XFRM_SOCKET__MAP
> | security/selinux/nlmsgtab.c:218:33: error: ‘NETLINK_AUDIT_SOCKET__NLMSG’ undeclared (first use in this function); did you mean ‘NETLINK_AUDIT_SOCKET__LOCK’?
> |   218 |                         *perm = NETLINK_AUDIT_SOCKET__NLMSG;
> |       |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> |       |                                 NETLINK_AUDIT_SOCKET__LOCK
> | make[5]: *** [scripts/Makefile.build:194: security/selinux/nlmsgtab.o] Error 1
> …
>
> The commit introducing this is part of v6.13-rc1 and we have v6.13-rc6
> and I wonder why am I the only one seeing this? The bots must have
> noticed it way earlier and yet I can't find any report of it.
> Is this a typo that everyone keeps ignoring or do I lack something that
> auto generates this define somewhere?

Thanks for the report. This is a known issue where the generated
header is not cleaned properly:
https://lore.kernel.org/selinux/20241127-selinux-clean-v2-1-a6e528c1ff93@xxxxxxxxxxxxx/

Could you try to remove security/selinux/av_permissions.h manually
from your build directory and build again?