| Message ID | 148233685348.23556.6766505841733321185.stgit@sifl (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On 21/12/16 17:14, Paul Moore wrote: > From: Paul Moore <paul@paul-moore.com> > > Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability > definitions") added a check on the defined capabilities without > explicitly including the capability header file which caused problems > when building genheaders for users of clang/llvm. Resolve this by > using the kernel headers when building genheaders, which is arguably > the right thing to do regardless, and explicitly including the > kernel's capability.h header file in classmap.h. We also update the > mdp build, even though it wasn't causing an error we really should > be using the headers from the kernel we are building. I tested this patch and it works fine on my configuration (no compiler warning and the kernel headers are included as expected). Thanks! Nicolas
On Wed, Dec 21, 2016 at 1:06 PM, Nicolas Iooss <nicolas.iooss@m4x.org> wrote: > On 21/12/16 17:14, Paul Moore wrote: >> From: Paul Moore <paul@paul-moore.com> >> >> Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability >> definitions") added a check on the defined capabilities without >> explicitly including the capability header file which caused problems >> when building genheaders for users of clang/llvm. Resolve this by >> using the kernel headers when building genheaders, which is arguably >> the right thing to do regardless, and explicitly including the >> kernel's capability.h header file in classmap.h. We also update the >> mdp build, even though it wasn't causing an error we really should >> be using the headers from the kernel we are building. > > I tested this patch and it works fine on my configuration (no compiler > warning and the kernel headers are included as expected). Thanks! Great, thanks for the verification. I'll send this patch up for v4.10 later today.
diff --git a/scripts/selinux/genheaders/Makefile b/scripts/selinux/genheaders/Makefile index 1d1ac51359e3..6fc2b8789a0b 100644 --- a/scripts/selinux/genheaders/Makefile +++ b/scripts/selinux/genheaders/Makefile @@ -1,4 +1,6 @@ hostprogs-y := genheaders -HOST_EXTRACFLAGS += -Isecurity/selinux/include +HOST_EXTRACFLAGS += \ + -I$(srctree)/include/uapi -I$(srctree)/include \ + -I$(srctree)/security/selinux/include always := $(hostprogs-y) diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c index 539855ff31f9..f4dd41f900d5 100644 --- a/scripts/selinux/genheaders/genheaders.c +++ b/scripts/selinux/genheaders/genheaders.c @@ -1,3 +1,7 @@ + +/* NOTE: we really do want to use the kernel headers here */ +#define __EXPORTED_HEADERS__ + #include <stdio.h> #include <stdlib.h> #include <unistd.h> diff --git a/scripts/selinux/mdp/Makefile b/scripts/selinux/mdp/Makefile index dba7eff69a00..d6a83cafe59f 100644 --- a/scripts/selinux/mdp/Makefile +++ b/scripts/selinux/mdp/Makefile @@ -1,5 +1,7 @@ hostprogs-y := mdp -HOST_EXTRACFLAGS += -Isecurity/selinux/include +HOST_EXTRACFLAGS += \ + -I$(srctree)/include/uapi -I$(srctree)/include \ + -I$(srctree)/security/selinux/include always := $(hostprogs-y) clean-files := policy.* file_contexts diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c index e10beb11b696..c29fa4a6228d 100644 --- a/scripts/selinux/mdp/mdp.c +++ b/scripts/selinux/mdp/mdp.c @@ -24,6 +24,10 @@ * Authors: Serge E. Hallyn <serue@us.ibm.com> */ + +/* NOTE: we really do want to use the kernel headers here */ +#define __EXPORTED_HEADERS__ + #include <stdio.h> #include <stdlib.h> #include <unistd.h> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index e2d4ad3a4b4c..13ae49b0baa0 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -1,3 +1,5 @@ +#include <linux/capability.h> + #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"