The build system for gnulib automagically detects and links against
libselinux. This causes trouble if e.g. findutils are compiled on a host
where selinux is present, but run on a system without. See also
https://bugs.gentoo.org/show_bug.cgi?id=330139.
The attached patch is only meant to illustrate the sort of solution I
had in mind in the special case of findutils-4.4.8, namely some sort
--enable/disable-selinux option to the configure script. This issue was
originally reported for findutils, see
http://savannah.gnu.org/bugs/?30608
// Best wishes; Johan
On 08/15/10 07:23, James Youngman wrote:
> Follow-up Comment #1:
>
> Sorry about my delay in response. Let me check I understood you:
>
> - you want to be able to forcibly prevent linking against the shared
> libraries for selinux in order to be able to build on system A (which has
> selinux) and run it on system B (which does not)?
>
> If so, I sympathise. However, many GNU tools are developed under the
> assumption that the system takes responsibility for a certain amount of
> backward compatibility. That is, that it will in general be possible to build
> on an old system and run on a new system. There's generally no assumption
> about the reverse hodling.
>
> However, "old" vs. "new" and "with-selinux" vs. "without-selinux" is I
> suppose orthogonal.
>
> As you indicated though, the right place to make any change of this type is
> gnulib. Could you raise this issue on bug-gnun...@gnu.org please?
--- gnulib/m4/include_next.m4.orig 2010-07-27 19:41:17.209940426 -0500
+++ gnulib/m4/include_next.m4 2010-07-27 19:41:49.432536035 -0500
@@ -125,7 +125,7 @@
[
AC_REQUIRE([gl_INCLUDE_NEXT])
AC_REQUIRE([AC_CANONICAL_HOST])
- AC_CHECK_HEADERS_ONCE([$1])
+ AC_CHECK_HEADERS([$1])
m4_foreach_w([gl_HEADER_NAME], [$1],
[AS_VAR_PUSHDEF([gl_next_header],
--- gnulib/m4/selinux-selinux-h.m4.orig 2010-07-27 19:49:16.068122989 -0500
+++ gnulib/m4/selinux-selinux-h.m4 2010-07-27 19:50:01.840547696 -0500
@@ -11,6 +11,11 @@
AC_DEFUN([gl_HEADERS_SELINUX_SELINUX_H],
[
+ AC_ARG_ENABLE(selinux,
+ AS_HELP_STRING(--disable-selinux,Disable SELinux support),
+ [ac_cv_selinux=$enableval],[ac_cv_selinux=yes])
+
+ if test "x$ac_cv_selinux" = "xyes"; then
AC_REQUIRE([gl_LIBSELINUX])
AC_CHECK_HEADERS([selinux/selinux.h])
@@ -34,6 +39,7 @@
AC_MSG_WARN([libselinux was found but selinux/selinux.h is missing.])
AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux support.])
esac
+ fi
])
AC_DEFUN([gl_LIBSELINUX],
@@ -44,6 +50,7 @@
gl_save_LIBS=$LIBS
AC_SEARCH_LIBS([setfilecon], [selinux],
[test "$ac_cv_search_setfilecon" = "none required" ||
+ test "$ac_cv_selinux" != "yes" ||
LIB_SELINUX=$ac_cv_search_setfilecon])
AC_SUBST([LIB_SELINUX])
LIBS=$gl_save_LIBS
