Commit bfc5e3a6 authored by Paul Moore's avatar Paul Moore

selinux: use the kernel headers when building scripts/selinux

Commit 3322d0d6 ("selinux: keep SELinux in sync with new capability
definitions") added a check on the defined capabilities without
explicitly including the capability header file which caused problems
when building genheaders for users of clang/llvm.  Resolve this by
using the kernel headers when building genheaders, which is arguably
the right thing to do regardless, and explicitly including the
kernel's capability.h header file in classmap.h.  We also update the
mdp build: even though it wasn't causing an error, we really should
be using the headers from the kernel we are building.
Reported-by: default avatarNicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 9287aed2
hostprogs-y := genheaders hostprogs-y := genheaders
HOST_EXTRACFLAGS += -Isecurity/selinux/include HOST_EXTRACFLAGS += \
-I$(srctree)/include/uapi -I$(srctree)/include \
-I$(srctree)/security/selinux/include
always := $(hostprogs-y) always := $(hostprogs-y)
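Review bot: The new `HOST_EXTRACFLAGS` assignment depends on the order of its `-I` entries, and nothing in the Makefile says so. The kernel tree carries a `linux/capability.h` under both `include/uapi` and `include`, so listing `-I$(srctree)/include/uapi` first is presumably what makes the host build pick the exported variant rather than the kernel-internal one. A later reordering would silently change which definitions the capability check described in the commit message is compiled against. I would add a comment above the assignment such as `# uapi must come first: host tools need the exported headers of the kernel being built`. The identical change to the mdp Makefile would take the same comment.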
/* NOTE: we really do want to use the kernel headers here */
#define __EXPORTED_HEADERS__
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
......
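Review bot: The comment added above `#define __EXPORTED_HEADERS__` says the kernel headers are wanted, but not what the define does or why the tool needs them. As far as I know the macro only silences the "Attempt to use kernel headers from user space" warning in the uapi `linux/types.h`, so a reader cannot tell from here that it exists for the capability check the commit message describes. I would expand it to something like `/* NOTE: build against the headers of the kernel being built so the SELinux capability check sees that kernel's capability definitions; __EXPORTED_HEADERS__ silences the uapi user-space warning */`. The same two lines are added to mdp.c and would take the same comment.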
hostprogs-y := mdp hostprogs-y := mdp
HOST_EXTRACFLAGS += -Isecurity/selinux/include HOST_EXTRACFLAGS += \
-I$(srctree)/include/uapi -I$(srctree)/include \
-I$(srctree)/security/selinux/include
always := $(hostprogs-y) always := $(hostprogs-y)
clean-files := policy.* file_contexts clean-files := policy.* file_contexts
...@@ -24,6 +24,10 @@ ...@@ -24,6 +24,10 @@
* Authors: Serge E. Hallyn <serue@us.ibm.com> * Authors: Serge E. Hallyn <serue@us.ibm.com>
*/ */
/* NOTE: we really do want to use the kernel headers here */
#define __EXPORTED_HEADERS__
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
......
#include <linux/capability.h>
#define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
"getattr", "setattr", "lock", "relabelfrom", "relabelto", "append" "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"
......
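Review bot: `#include <linux/capability.h>` is added without a comment, in a header that per the commit description is also compiled by the host tools genheaders and mdp. In a host build the file this resolves to depends entirely on the `-I` flags of the including program. A future host tool that includes classmap.h without the kernel include paths would pick up the build machine's capability.h, and the capability sync check would then be evaluated against the wrong kernel's definitions. A one-line comment would make the requirement visible: `/* needed for the capability sync check; host tools must build with the kernel's include paths */`. The rest of classmap.h, including the check itself, is outside the hunk.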