From: Karel Klic <kklic@redhat.com>
To: Glenn Morris <rgm@gnu.org>
Cc: emacs-devel@gnu.org
Subject: Re: [PATCH] SELinux support
Date: Thu, 18 Mar 2010 14:33:37 +0100 [thread overview]
Message-ID: <4BA22BB1.9040709@redhat.com> (raw)
In-Reply-To: <bwpr32trpm.fsf@fencepost.gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1579 bytes --]
Hi Glenn,
On 03/18/2010 01:10 AM, Glenn Morris wrote:
>
> I tried it on a (virtual) Fedora 12 installation, and it doesn't seem
> to work. file-selinux-context always returns nil. (Disclaimer: I know
> nothing about SELinux.)
>
> /usr/sbin/getenforce -> Enforcing
>
> checking for libselinux... yes
> checking LIBSELINUX_LIBS... -lselinux
> Does Emacs use -lselinux? yes
>
> ldd emacs | grep selinux -> libselinux.so.1 => /lib64/libselinux.so.1
>
> ls -l --context /etc/printcap
> -rw-r--r--. root root system_u:object_r:cupsd_rw_etc_t:s0 /etc/printcap
>
> (file-selinux-context "/etc/printcap") -> (nil nil nil nil)
That is strange, it works well here on Fedora 12. The only difference is
in i686 / x86_64 architecture. I'll try x86_64 tomorrow.
I just modified emacs-1-selinux-config.patch (attached) to apply cleanly
on the most recent bzr.
Here is my story:
$ getenforce
Enforcing
$ bzr clone http://bzr.savannah.gnu.org/r/emacs/trunk/ emacs-bzr-cur
$ cd emacs-bzr-cur
$ patch -p1 -b -z .selinux-config <emacs-1-selinux-config.patch
$ patch -p1 -b -z .selinux-get-set-context-fun
<emacs-2-selinux-get-set-context-fun.patch
$ patch -p1 -b -z .selinux-backups-on-save
<emacs-3-selinux-backups-on-save.patch
$ autoreconf
$ ./configure
Does Emacs use -lselinux? yes
$ make
$ cd src
$ ldd ./emacs | grep selinux
libselinux.so.1 => /lib/libselinux.so.1 (0x0061e000)
$ ./emacs --batch --eval "(prin1 (file-selinux-context \"/etc/printcap\"))"
("system_u" "object_r" "cupsd_rw_etc_t" "s0")
Karel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: emacs-1-selinux-config.patch --]
[-- Type: text/x-patch; name="emacs-1-selinux-config.patch", Size: 4423 bytes --]
diff -U0 ./ChangeLog.selinux-config ./ChangeLog
--- ./ChangeLog.selinux-config 2010-03-18 11:58:51.539761413 +0100
+++ ./ChangeLog 2010-03-18 12:01:16.057886634 +0100
@@ -0,0 +1,5 @@
+2010-02-23 Karel Klíč <kklic@redhat.com>
+
+ * configure.in: New option: --with(out)-selinux.
+ Set HAVE_LIBSELINUX if we find libselinux.
+
diff -up ./configure.in.selinux-config ./configure.in
--- ./configure.in.selinux-config 2010-03-18 11:58:51.770761262 +0100
+++ ./configure.in 2010-03-18 12:01:16.058886899 +0100
@@ -161,6 +161,7 @@ OPTION_DEFAULT_OFF([ns],[use nextstep (C
OPTION_DEFAULT_ON([gpm],[don't use -lgpm for mouse support on a GNU/Linux console])
OPTION_DEFAULT_ON([dbus],[don't compile with D-Bus support])
OPTION_DEFAULT_ON([gconf],[don't compile with GConf support])
+OPTION_DEFAULT_ON([selinux],[don't compile with SELinux support])
## For the times when you want to build Emacs but don't have
## a suitable makeinfo, and can live without the manuals.
@@ -1779,6 +1780,15 @@ if test "${HAVE_X11}" = "yes" && test "$
fi
fi
+dnl SELinux is available for GNU/Linux only.
+HAVE_LIBSELINUX=no
+if test "${with_selinux}" = "yes"; then
+ PKG_CHECK_MODULES(LIBSELINUX, libselinux, HAVE_LIBSELINUX=yes, HAVE_LIBSELINUX=no)
+ if test "$HAVE_LIBSELINUX" = yes; then
+ AC_DEFINE(HAVE_LIBSELINUX, 1, [Define to 1 if using SELinux.])
+ fi
+fi
+
dnl Do not put whitespace before the #include statements below.
dnl Older compilers (eg sunos4 cc) choke on it.
HAVE_XAW3D=no
@@ -3121,6 +3131,7 @@ echo " Does Emacs use -lrsvg-2?
echo " Does Emacs use -lgpm? ${HAVE_GPM}"
echo " Does Emacs use -ldbus? ${HAVE_DBUS}"
echo " Does Emacs use -lgconf? ${HAVE_GCONF}"
+echo " Does Emacs use -lselinux? ${HAVE_LIBSELINUX}"
echo " Does Emacs use -lfreetype? ${HAVE_FREETYPE}"
echo " Does Emacs use -lm17n-flt? ${HAVE_M17N_FLT}"
diff -U0 ./src/ChangeLog.selinux-config ./src/ChangeLog
--- ./src/ChangeLog.selinux-config 2010-03-18 11:58:51.528762063 +0100
+++ ./src/ChangeLog 2010-03-18 12:01:16.065886521 +0100
@@ -0,0 +1,4 @@
+2010-02-23 Karel Klíč <kklic@redhat.com>
+
+ * Makefile.in: Added libselinux CFLAGS and LIBS.
+
diff -up ./src/Makefile.in.selinux-config ./src/Makefile.in
--- ./src/Makefile.in.selinux-config 2010-03-18 11:58:52.578886447 +0100
+++ ./src/Makefile.in 2010-03-18 12:02:23.359767558 +0100
@@ -253,6 +253,11 @@ GCONF_CFLAGS = @GCONF_CFLAGS@
GCONF_LIBS = @GCONF_LIBS@
#endif
+#ifdef HAVE_LIBSELINUX
+LIBSELINUX_CFLAGS = @LIBSELINUX_CFLAGS@
+LIBSELINUX_LIBS = @LIBSELINUX_LIBS@
+#endif
+
/* DO NOT use -R. There is a special hack described in lastfile.c
which is used instead. Some initialized data areas are modified
at initial startup, then labeled as part of the text area when
@@ -266,7 +271,7 @@ GCONF_LIBS = @GCONF_LIBS@
/* C_SWITCH_X_SITE must come before C_SWITCH_X_MACHINE and C_SWITCH_X_SYSTEM
since it may have -I options that should override those two. */
-ALL_CFLAGS=-Demacs -DHAVE_CONFIG_H $(MYCPPFLAGS) -I. -I${srcdir} C_SWITCH_MACHINE C_SWITCH_SYSTEM C_SWITCH_X_SITE C_SWITCH_X_MACHINE C_SWITCH_X_SYSTEM C_SWITCH_SYSTEM_TEMACS ${CFLAGS_SOUND} ${RSVG_CFLAGS} ${DBUS_CFLAGS} ${GCONF_CFLAGS} ${CFLAGS} @FREETYPE_CFLAGS@ @FONTCONFIG_CFLAGS@ @LIBOTF_CFLAGS@ @M17N_FLT_CFLAGS@ ${DEPFLAGS}
+ALL_CFLAGS=-Demacs -DHAVE_CONFIG_H $(MYCPPFLAGS) -I. -I${srcdir} C_SWITCH_MACHINE C_SWITCH_SYSTEM C_SWITCH_X_SITE C_SWITCH_X_MACHINE C_SWITCH_X_SYSTEM C_SWITCH_SYSTEM_TEMACS ${CFLAGS_SOUND} ${RSVG_CFLAGS} ${DBUS_CFLAGS} ${GCONF_CFLAGS} ${LIBSELINUX_CFLAGS} ${CFLAGS} @FREETYPE_CFLAGS@ @FONTCONFIG_CFLAGS@ @LIBOTF_CFLAGS@ @M17N_FLT_CFLAGS@ ${DEPFLAGS}
ALL_OBJC_CFLAGS=$(ALL_CFLAGS) @GNU_OBJC_CFLAGS@
.SUFFIXES: .m
@@ -849,7 +854,7 @@ SOME_MACHINE_LISP = ../lisp/mouse.elc \
LIBES = $(LOADLIBES) $(LIBS) $(LIBX) $(LIBSOUND) $(RSVG_LIBS) $(DBUS_LIBS) \
@LIBGPM@ @LIBRESOLV@ LIBS_SYSTEM LIBS_MACHINE LIBS_TERMCAP \
- LIBS_DEBUG $(GETLOADAVG_LIBS) ${GCONF_LIBS} \
+ LIBS_DEBUG $(GETLOADAVG_LIBS) ${GCONF_LIBS} ${LIBSELINUX_LIBS} \
@FREETYPE_LIBS@ @FONTCONFIG_LIBS@ @LIBOTF_LIBS@ @M17N_FLT_LIBS@ \
$(GNULIB_VAR) LIB_MATH LIB_STANDARD $(GNULIB_VAR)
next prev parent reply other threads:[~2010-03-18 13:33 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-02 19:36 [PATCH] SELinux support Karel Klic
2010-03-17 2:18 ` Glenn Morris
2010-03-18 0:10 ` Glenn Morris
2010-03-18 13:33 ` Karel Klic [this message]
2010-03-19 2:46 ` Glenn Morris
2010-03-22 14:53 ` Karel Klic
2010-03-22 16:01 ` Tom Tromey
2010-03-22 18:13 ` Glenn Morris
2010-03-29 13:53 ` Karel Klic
2010-03-29 19:00 ` Glenn Morris
2010-04-21 3:55 ` Glenn Morris
2010-04-23 14:23 ` Michael Albinus
2010-04-30 6:43 ` Karel Klic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA22BB1.9040709@redhat.com \
--to=kklic@redhat.com \
--cc=emacs-devel@gnu.org \
--cc=rgm@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).