From: Karel Klic
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] SELinux support
Date: Thu, 18 Mar 2010 14:33:37 +0100
Message-ID: <4BA22BB1.9040709@redhat.com>
References: <4B8D68A7.6000907@redhat.com>
To: Glenn Morris
Cc: emacs-devel@gnu.org

Hi Glenn,

On 03/18/2010 01:10 AM, Glenn Morris wrote:
>
> I tried it on a (virtual) Fedora 12 installation, and it doesn't seem
> to work. file-selinux-context always returns nil. (Disclaimer: I know
> nothing about SELinux.)
>
> /usr/sbin/getenforce -> Enforcing
>
> checking for libselinux... yes
> checking LIBSELINUX_LIBS... -lselinux
> Does Emacs use -lselinux? yes
>
> ldd emacs | grep selinux -> libselinux.so.1 => /lib64/libselinux.so.1
>
> ls -l --context /etc/printcap
> -rw-r--r--. root root system_u:object_r:cupsd_rw_etc_t:s0 /etc/printcap
>
> (file-selinux-context "/etc/printcap") -> (nil nil nil nil)

That is strange, it works well here on Fedora 12. The only difference is
in i686 / x86_64 architecture. I'll try x86_64 tomorrow.

I just modified emacs-1-selinux-config.patch (attached) to apply cleanly
on the most recent bzr.

Here is my story:
$ getenforce
Enforcing
$ bzr clone http://bzr.savannah.gnu.org/r/emacs/trunk/ emacs-bzr-cur
$ cd emacs-bzr-cur
$ patch -p1 -b -z .selinux-config /lib/libselinux.so.1 (0x0061e000)
$ ./emacs --batch --eval "(prin1 (file-selinux-context \"/etc/printcap\"))"
("system_u" "object_r" "cupsd_rw_etc_t" "s0")

Karel

--------------070409030406040202010701
Content-Type: text/x-patch; name="emacs-1-selinux-config.patch"
Content-Disposition: attachment; filename="emacs-1-selinux-config.patch"
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by mx1.redhat.com id o2IDXdqd021808

diff -U0 ./ChangeLog.selinux-config ./ChangeLog --- ./ChangeLog.selinux-config 2010-03-18 11:58:51.539761413 +0100 +++ ./ChangeLog 2010-03-18 12:01:16.057886634 +0100 @@ -0,0 +1,5 @@ +2010-02-23 Karel Kl=C3=AD=C4=8D + + * configure.in: New option: --with(out)-selinux.=20 + Set HAVE_LIBSELINUX if we find libselinux. + diff -up ./configure.in.selinux-config ./configure.in --- ./configure.in.selinux-config 2010-03-18 11:58:51.770761262 +0100 +++ ./configure.in 2010-03-18 12:01:16.058886899 +0100 @@ -161,6 +161,7 @@ OPTION_DEFAULT_OFF([ns],[use nextstep (C OPTION_DEFAULT_ON([gpm],[don't use -lgpm for mouse support on a GNU/Linu= x console]) OPTION_DEFAULT_ON([dbus],[don't compile with D-Bus support]) OPTION_DEFAULT_ON([gconf],[don't compile with GConf support]) +OPTION_DEFAULT_ON([selinux],[don't compile with SELinux support]) =20 ## For the times when you want to build Emacs but don't have ## a suitable makeinfo, and can live without the manuals. 
@@ -1779,6 +1780,15 @@ if test "${HAVE_X11}" =3D "yes" && test "$ fi fi =20 +dnl SELinux is available for GNU/Linux only. +HAVE_LIBSELINUX=3Dno +if test "${with_selinux}" =3D "yes"; then + PKG_CHECK_MODULES(LIBSELINUX, libselinux, HAVE_LIBSELINUX=3Dyes, HAVE= _LIBSELINUX=3Dno) + if test "$HAVE_LIBSELINUX" =3D yes; then + AC_DEFINE(HAVE_LIBSELINUX, 1, [Define to 1 if using SELinux.]) + fi +fi + dnl Do not put whitespace before the #include statements below. dnl Older compilers (eg sunos4 cc) choke on it. HAVE_XAW3D=3Dno @@ -3121,6 +3131,7 @@ echo " Does Emacs use -lrsvg-2? =20 echo " Does Emacs use -lgpm? ${HAVE_G= PM}" echo " Does Emacs use -ldbus? ${HAVE_D= BUS}" echo " Does Emacs use -lgconf? ${HAVE_G= CONF}" +echo " Does Emacs use -lselinux? ${HAVE_L= IBSELINUX}" =20 echo " Does Emacs use -lfreetype? ${HAVE_F= REETYPE}" echo " Does Emacs use -lm17n-flt? ${HAVE_M= 17N_FLT}" diff -U0 ./src/ChangeLog.selinux-config ./src/ChangeLog --- ./src/ChangeLog.selinux-config 2010-03-18 11:58:51.528762063 +0100 +++ ./src/ChangeLog 2010-03-18 12:01:16.065886521 +0100 @@ -0,0 +1,4 @@ +2010-02-23 Karel Kl=C3=AD=C4=8D + + * Makefile.in: Added libselinux CFLAGS and LIBS. + diff -up ./src/Makefile.in.selinux-config ./src/Makefile.in --- ./src/Makefile.in.selinux-config 2010-03-18 11:58:52.578886447 +0100 +++ ./src/Makefile.in 2010-03-18 12:02:23.359767558 +0100 @@ -253,6 +253,11 @@ GCONF_CFLAGS =3D @GCONF_CFLAGS@ GCONF_LIBS =3D @GCONF_LIBS@ #endif =20 +#ifdef HAVE_LIBSELINUX +LIBSELINUX_CFLAGS =3D @LIBSELINUX_CFLAGS@ +LIBSELINUX_LIBS =3D @LIBSELINUX_LIBS@ +#endif + /* DO NOT use -R. There is a special hack described in lastfile.c which is used instead. Some initialized data areas are modified at initial startup, then labeled as part of the text area when 
@@ -266,7 +271,7 @@ GCONF_LIBS =3D @GCONF_LIBS@ =20 /* C_SWITCH_X_SITE must come before C_SWITCH_X_MACHINE and C_SWITCH_X_SY= STEM since it may have -I options that should override those two. */ -ALL_CFLAGS=3D-Demacs -DHAVE_CONFIG_H $(MYCPPFLAGS) -I. -I${srcdir} C_SWI= TCH_MACHINE C_SWITCH_SYSTEM C_SWITCH_X_SITE C_SWITCH_X_MACHINE C_SWITCH_X= _SYSTEM C_SWITCH_SYSTEM_TEMACS ${CFLAGS_SOUND} ${RSVG_CFLAGS} ${DBUS_CFLA= GS} ${GCONF_CFLAGS} ${CFLAGS} @FREETYPE_CFLAGS@ @FONTCONFIG_CFLAGS@ @LIBO= TF_CFLAGS@ @M17N_FLT_CFLAGS@ ${DEPFLAGS} +ALL_CFLAGS=3D-Demacs -DHAVE_CONFIG_H $(MYCPPFLAGS) -I. -I${srcdir} C_SWI= TCH_MACHINE C_SWITCH_SYSTEM C_SWITCH_X_SITE C_SWITCH_X_MACHINE C_SWITCH_X= _SYSTEM C_SWITCH_SYSTEM_TEMACS ${CFLAGS_SOUND} ${RSVG_CFLAGS} ${DBUS_CFLA= GS} ${GCONF_CFLAGS} ${LIBSELINUX_CFLAGS} ${CFLAGS} @FREETYPE_CFLAGS@ @FON= TCONFIG_CFLAGS@ @LIBOTF_CFLAGS@ @M17N_FLT_CFLAGS@ ${DEPFLAGS} ALL_OBJC_CFLAGS=3D$(ALL_CFLAGS) @GNU_OBJC_CFLAGS@ =20 .SUFFIXES: .m @@ -849,7 +854,7 @@ SOME_MACHINE_LISP =3D ../lisp/mouse.elc \ =20 LIBES =3D $(LOADLIBES) $(LIBS) $(LIBX) $(LIBSOUND) $(RSVG_LIBS) $(DBUS_L= IBS) \ @LIBGPM@ @LIBRESOLV@ LIBS_SYSTEM LIBS_MACHINE LIBS_TERMCAP \ - LIBS_DEBUG $(GETLOADAVG_LIBS) ${GCONF_LIBS} \ + LIBS_DEBUG $(GETLOADAVG_LIBS) ${GCONF_LIBS} ${LIBSELINUX_LIBS} \ @FREETYPE_LIBS@ @FONTCONFIG_LIBS@ @LIBOTF_LIBS@ @M17N_FLT_LIBS@ \ $(GNULIB_VAR) LIB_MATH LIB_STANDARD $(GNULIB_VAR) =20 --------------070409030406040202010701--
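
Review bot: The top-level ChangeLog hunk (@@ -0,0 +1,5 @@ in ./ChangeLog) has trailing whitespace after "--with(out)-selinux." (the "=20" at the end of that line is an encoded space); please drop it. The entry also leaves out the new "Does Emacs use -lselinux?" summary line that the last configure.in hunk adds, so it would be worth a mention there.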
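
Review bot: In the configure.in hunk at @@ -1779,6 +1780,15 @@ a missing libselinux is handled silently: the option defaults to on (OPTION_DEFAULT_ON([selinux], ...) in the earlier hunk), so when PKG_CHECK_MODULES does not find the library the build simply continues with HAVE_LIBSELINUX=no and the only trace is the "Does Emacs use -lselinux?" line in the summary. On a host running SELinux in enforcing mode that produces an Emacs without context support and no prominent notice. The comment says "SELinux is available for GNU/Linux only", but the test is not restricted to GNU/Linux; guarding it on the host system would let a not-found result on GNU/Linux be reported with a warning without adding noise elsewhere. Minor: HAVE_LIBSELINUX=no is already set before the test, so the not-found action passed to PKG_CHECK_MODULES repeats it.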
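
Review bot: The src/ChangeLog hunk (@@ -0,0 +1,4 @@) describes the change as "Added libselinux CFLAGS and LIBS." without naming what was touched. The Makefile.in hunks define LIBSELINUX_CFLAGS and LIBSELINUX_LIBS and then use them in ALL_CFLAGS and LIBES; listing those variable names in the entry, in the present tense ("Add"), would make the change findable from the log.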