| 082f1d1274bac6fafa0d107f5780730eb9fb5172 |
|
16-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: Remove deprecated mudflap option.
The mudflap run time checker was removed in GCC 4.9. The
option no longer does anything and triggers a warning from gcc 4.9
and later. Remove it. We might want to add -fsanitize=address
to enable AddressSanitizer in its place, but that should be a separate
change.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/Makefile
|
| 71393a181d63c9baae5fe8dcaeb9411d1f253998 |
|
20-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
libselinux: libsepol: use ln --relative to create .so symlinks
The current build system assumes SHLIBDIR is ../../ relative to LIBDIR.
However, this isn't always the case. For example, Arch Linux sets both
LIBDIR and SHLIBDIR to /usr/lib, which results in broken symlinks.
Instead of making that assumption, create .so symlinks using ln
--relative so that the correct relative paths are used. Note that this
adds a dependency for the build system to use coretuils-8.16 or later.
Fixes #2
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libselinux/src/Makefile
|
| a2737333c795cae2aa4e31deed95a8e155d64d4a |
|
20-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: Refactor rpm_execcon() into a new setexecfilecon()
This new function allows a process to invoke helper programs with
a new execution context based on the filename, this is initially
intended for package managers so that they can easily execute
package scriptlets or maintainer scripts.
Base rpm_execcon() off this new function.
Signed-off-by: Guillem Jover <guillem@debian.org>
/external/selinux/libselinux/src/Makefile
|
| 52d52fe2d679b546e7205a5224e550860839c415 |
|
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Make RANLIB variable overridable
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
/external/selinux/libselinux/src/Makefile
|
| c32da69e016061c1a06ec08298aae8c995fbea31 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Fixes for procattr calls to handle cache properly.
We were asked not to link to libpthread but to use gcc internals.
We were not handling properly the fact that a cache was UNSET, and this
patch fixes this.
/external/selinux/libselinux/src/Makefile
|
| a8b3340288cb5252b2a8844e4892c066d5b8fdf5 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles
/external/selinux/libselinux/src/Makefile
|
| 9c83b206e11e59f0b6ccb8020836f2d7c65dd3d7 |
|
23-Jan-2013 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: pkg-config do not specifc ruby version
pkg-config do not work if you specifiy the version of ruby in Fedora 19
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 1d403326aecd92dfa0120cfd2e9c3c52a2a3cdf1 |
|
09-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: optimize set*con functions
Set*con now caches the security context and only re-sets it if it changes.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 091eb526dd2036d993517d09e4fc67b2bec3ec5e |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use PCRE instead of glibc regex functions
The PCRE functions are about x10 faster than the glibc functions. So
use the external library.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 1024ea34c6ff68625037fd8abbda5dc910ac31e5 |
|
01-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: remove PYTHONLIBDIR and ruby equivalent
We generate pkg-config --libs and use that to build the libselinux
python so file. We do not use it to build the libsemanage versions. We
also never use the ruby equivalent. So stop calling pkg-config
uselessly.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| b2523dc167b1b61ea3cc42a97c8da6ac60ad7550 |
|
01-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: do not set soname needlessly
We explicitly set the soname of the python and ruby files. We don't
need this. We are using the -o name as the soname, so just let the
toolchain do its thing. It just makes the Makefile nicer to read.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 824df4b60b8f3de26fb900ed5f74ca6379de6d99 |
|
01-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: additional makefile support for rubywrap
SELinux ruby bindings didn't build from the top level
the swig generated .c file wasn't gitignored
use pkg-config for ruby info like we do for python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 5d19b707232718377e7378d43a677011e6f97a58 |
|
19-Apr-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: remove build warning when build swig c files
swig creates C files with warnings. Turn off the warnings so the build
is clean. We can't help the code it produces anyway...
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| ac6ab3afc04adb98a072a8b213814862b0ab9e31 |
|
25-May-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Fortify source now requires all code to be compiled with -O flag
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| f7a75f17612d82385aeb338035f85016cff53b3d |
|
26-Mar-2012 |
Laurent Bigonville <bigon@debian.org> |
libselinux: Do not link against python library, this is considered bad practice in debian
Do not link python module with libpython, the interpreter is already linked against it.
Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 5766295bb2ad45c85a1cc489f220dde07074b737 |
|
15-Feb-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: build with either ruby 1.9 or ruby 1.8
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| dc21b09c255a88790d1b212ead0cbe91bcca79ff |
|
15-Feb-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: pkg-config to figure out where ruby include files are located
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 41649ca786b3243d92f8118238a33ec2d44cc5d3 |
|
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Enable many more gcc warnings for libselinux/src/ builds
XXX: -Wno-redundant-decls really shouldn't be set, if some way
can be found to deal with warnings generated by dso.h
XXX: the maximum stack size should be much lower, but there
are too many functions using PATH_MAX which need to be rewritten
to use the heap instead.
XXX: probe for whether the user's GCC supports a flag ?
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| c81a43c753efbda6f2106dbf0a291005683474f8 |
|
28-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: libsepol: regenerate .pc on VERSION change
The makefile which generated the package config files did not have the
VERSION file as a dependancy. Thus if you updated a tree you have
previously build the .pc file wouldn't be rebuilt and the old version
would be reinstalled.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 468bff095253171300a5faa4bb23f0b2524fde08 |
|
19-Sep-2011 |
Eric Paris <eparis@redhat.com> |
tree: Makefiles: syntax, convert all ${VAR} to $(VAR)
This is purely personal preference. Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}. Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| e172b87a305e3ef602ae9caf3272fcb1cae0f1a3 |
|
14-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: put libselinux.so.1 in /lib not /usr/lib
Commit 874bac80bbfbf0a5 incorrectly changed the default install location
of libselinux.so.1 from /lib to /usr/lib. This patch fixes that problem
by reverting that portion of the change.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 57c6012f8662d8f40d42fe145a5ec55bbd1b0f73 |
|
22-Aug-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: python wrapper makefile changes
Allow Change libselinux Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 874bac80bbfbf0a5af51bfa02cad2c233aac7273 |
|
24-Jun-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
Patch for python3 for libselinux
Allow the specification of python3 in the swig creation
This patch adds the new option PYPREFIX which causes the swig created
libraries to have a prefix. This allows one to build both the python2
and python3 libraries in the same source tree. The install will then
later strip this prefix back off when it drops the files into the python
approriate site package directory.
This patch also needs to update the PYINC definition as newer python
patckages on fedora exist in /usr/include/python3.2mu instead of
/usr/include/python3.2 as the other method of detemrining PYINC would
have found.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| e4f49b120abfa5a46280de59b64384449c8a63f6 |
|
22-Jun-2011 |
root <root@(none).(none)> |
libselinux: simplify SRCS in Makefile
The makefile does:
SRCS= $(filter-out $A, $(filter-out $B, *))
When it can just do:
SRCS= $(filter-out $A $B, *)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/Makefile
|
| 7420787817c4949276d7947202b49d78eba37c13 |
|
24-Feb-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
updated libselinux pkgconfig does not work correctly on lib64 machines.
On 02/24/2010 02:24 PM, Daniel J Walsh wrote:
>
Ignore the first patch it was missing pc.in files.
Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libselinux/src/Makefile
|
| a69fb97edd244b94b2289ee3d0874f989b6ffe9c |
|
20-Oct-2009 |
Manoj Srivastava <srivasta@debian.org> |
exception.sh contains bashisms
Hi folks,
The script, src/exception.sh, contains so called bashisms
(constructs not supported by POSIX, but present as bash
extensions). This means when trying to build on systems where /bin/sh
is not bash, the build fails with an error. This patch uses bash to
run exception.sh. This bug affects a significant subset of Debian and
Debian derivative machines.
manoj
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libselinux/src/Makefile
|
| 12777502c638698a9e1dd6748a2309cb87946a65 |
|
21-Oct-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Add pkgconfig files for libsepol, libselinux, and libsemanage.
Having a pkgconfig files allows the pkg-config tool to be used to
query the presence of the library (or a particular version of it),
and to obtain the C flags and linker arguments to build with it.
Based on Debian patches by Manoj Srivastava <srivasta@debian.org>.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/Makefile
|
| 8569b09417ac29b1792da6241f0745b76367f813 |
|
24-Sep-2009 |
Joshua Brindle <method@manicmethod.com> |
This updates commit 66d07600075d53735197520e4a5bbe6796a89d25
This seems to work better on my system (aux-info on temp.c didn't do anything)
Also it fixes the noted Makefile issues
/external/selinux/libselinux/src/Makefile
|
| 66d07600075d53735197520e4a5bbe6796a89d25 |
|
16-Sep-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch fixes the exception handling in libselinux-python bindings
On 09/16/2009 03:35 PM, Joshua Brindle wrote:
>
>
> Joshua Brindle wrote:
>>
>>
>> Daniel J Walsh wrote:
>>> What do you think of this one. Removed excess swig cruft,
>>>
>>> You need to run
>>>
>>> make swigify to generate those changes.
>>>
>>
>> Ok, looking at this now. I don't completely get how it works. I'm trying
>> to reproduce what you are doing by hand but nothing comes out of gcc:
>>
>> [root@localhost src]# echo '#include "../include/selinux/selinux.h"' >
>> temp.c
>> [root@localhost src]# gcc -c temp.c -aux-info temp.aux
>> [root@localhost src]# ls temp.*
>> temp.c temp.o
>>
>>
>> What is the purpose of the aux-info thing, and why doesn't it work on my
>> F11 machine?
>>
>> also, I'm not sure if the best place for selinuxswig_exception.i is
>> swigify or pywrap. In the swigify case it shouldn't be in the clean
>> target because if you check out the repo and do make clean; make pywrap
>> you'll get an error. (I can make these fixes, I'm just trying to figure
>> out how it all works first).
>>
>
> Oh, one more thing, should this be python specific? (E.g, should it be
> named selinuxswig_python_exception.i ?)
Changed name to selinux_python_exception.i
WOrks for me on F11 and F12
dwalsh@localhost$ echo '#include "../include/selinux/selinux.h"' > temp.c
dwalsh@localhost$ gcc -c temp.c -aux-info temp.aux
dwalsh@localhost$ ls temp.*
temp.aux temp.c temp.o
cat temp.aux
/* compiled from: . */
/* /usr/include/sys/select.h:109:NC */ extern int select (int, fd_set *, fd_set *, fd_set *, struct timeval *);
/* /usr/include/sys/select.h:121:NC */ extern int pselect (int, fd_set *, fd_set *, fd_set *, const struct timespec *, const __sigset_t *);
/* /usr/include/sys/sysmacros.h:31:NC */ extern unsigned int gnu_dev_major (long long unsigned int);
/* /usr/include/sys/sysmacros.h:34:NC */ extern unsigned int gnu_dev_minor (long long unsigned int);
/* /usr/include/sys/sysmacros.h:37:NC */ extern long long unsigned int gnu_dev_makedev (unsigned int, unsigned int);
/* ../include/selinux/selinux.h:12:NC */ extern int is_selinux_enabled (void);
/* ../include/selinux/selinux.h:14:NC */ extern int is_selinux_mls_enabled (void);
/* ../include/selinux/selinux.h:19:NC */ extern void freecon (security_context_t);
/* ../include/selinux/selinux.h:22:NC */ extern void freeconary (security_context_t *);
...
commit 38d98bd958f42ea18c9376e624d733795665ee22
Author: Dan Walsh <dwalsh@redhat.com>
Date: Wed Sep 16 16:51:14 2009 -0400
Add exception code
/external/selinux/libselinux/src/Makefile
|
| 1ac1ff6382505fa1e245fdc9c91b2448a7843101 |
|
14-Jul-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert Tomas Mraz's fix for freeing thread local storage in libselinux.
This reverts commit a842c9dae863c5a8a28bd6b6abf192c8b5ba1838.
/external/selinux/libselinux/src/Makefile
|
| a842c9dae863c5a8a28bd6b6abf192c8b5ba1838 |
|
10-Jun-2009 |
Tomas Mraz <tmraz@redhat.com> |
Author: Tomas Mraz
Email: tmraz@redhat.com
Subject: Problems with freeing thread local storage in libselinux
Date: Wed, 06 May 2009 12:38:35 +0200
On Wed, 2009-05-06 at 01:32 -0500, Manoj Srivastava wrote:
> Hi folks,
>
> There have been numerous reports in Debian and derivatives of
> programs linked with libselinux intermittently getting segfaults.
> There is, for instance, the Debian report 505920[0], and Ubuntu
> reports[1], [3] and [5], and Gnome [2]. I have not been able to
> reproduce the error myself, though I have run the test cases a number
> of times.
>
> The common thread in unclutter, libavg, gst-inspect et al. is a
> segmentation fault in libselinux1, in the 'fini' destructor functions,
> referencing the thread local variables.
>
> The Ubuntu bug log reference my old patch for libselinux from
> 1.X days, where I replaced the thread local storage with regular
> variables and mutexes, and people report success with that. I suspect
> that something is corrupting the thread local storage. From the ubuntu
> report:
> --8<---------------cut here---------------start------------->8---
> Valgrind reports:
> =29183== Invalid read of size 8
> ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211)
> ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1)
> ==29183== by 0xE29D040: (within /lib/libselinux.so.1)
> ==29183== by 0x570010F: exit (exit.c:75)
> 505920==29183== by 0x56E91CA: (below main) (libc-start.c:252)
> ==29183== Address 0x80 is not stack'd, malloc'd or (recently) free'd
> ==29183==
> ==29183== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==29183== Access not within mapped region at address 0x80
> ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211)
> ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1)
> ==29183== by 0xE29D040: (within /lib/libselinux.so.1)==29183== by 0x570010F: exit (exit.c:75)
> ==29183== by 0x56E91CA: (below main) (libc-start.c:252)
>
>
> (gdb) bt
> #0 0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211
> #1 0x00007f3ae811e1f2 in __do_global_dtors_aux () from /lib/libselinux.so.1
> #2 0x00007ffff9097700 in ?? ()
> #3 0x00007f3ae812c041 in _fini () from /lib/libselinux.so.1
> #4 0x00007ffff9097700 in ?? ()
> #5 0x00007f3af0e88796 in _dl_fini () from /lib64/ld-linux-x86-64.so.2
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
> --8<---------------cut here---------------end--------------->8---
>
> There have been two sets of patches proposed for this; first one
> merely initializes the variables in the init function, and this works
> for a number of people, but at least one person has reported a second
> segfault even with the patch installed[6]
>
> The second patch below converts a thread local cache to a
> process wide cache, with mutex guards, which makes the cache slower,
> and non-thread local caches means that cache misses are more likely.
>
> I'll try and follow up with people who can reproduce the
> problems to see if either one of the patches solve their problems
> without triggering other segmentation faults, but I'd appreciate
> comments if anyone has insight into the issue.
The problem is with freeing storage referenced by TLS variables in
destructors. The destructor is called only in one of the threads and the
variables might not be even properly initialized in that thread. One
possibility is to not free the storage at all but that will leak memory
if the libselinux is loaded/unloaded multiple times in a process.
The only proper way is to use TSD (pthread_key_create,
pthread_setspecific etc.) to store the pointers to the cached contexts.
The attached patch implements this. I did not test it thoroughly though.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libselinux/src/Makefile
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/Makefile
|