Hi Jim, Johan Hattne wrote: > ... trouble if e.g. findutils are compiled on a host > where selinux is present, but run on a system without.
For every somewhat complicated or possibly troublesome connection to an external package, it makes sense to have a --without-... option. Paul Eggert wrote: > The general idea seems sound, but it sounds like it should be a --with option, James Youngman wrote in <https://savannah.gnu.org/bugs/?30608> > I sympathise So here is a proposed patch. Can someone with access to an SELinux machine please test it? On such a system, run $ ./gnulib-tool --create-testdir --dir=/tmp/testdir selinux-h $ cd /tmp/testdir $ ./configure --without-selinux $ make the observe whether 1) gllib/selinux/context.h has been created, 2) HAVE_SELINUX_SELINUX_H is not defined in config.h. 2010-08-28 Bruno Haible <br...@clisp.org> selinux-h: Offer a --without-selinux option. * m4/selinux-selinux-h.m4 (gl_HEADERS_SELINUX_SELINUX_H): If --without-selinux was specified, skip all tests. (gl_LIBSELINUX): Offer --without-selinux option. If it is specified, set LIB_SELINUX to empty. * m4/selinux-context-h.m4 (gl_HEADERS_SELINUX_CONTEXT_H): Require gl_LIBSELINUX. If --without-selinux was specified, replace selinux/context.h. Reported by Johan Hattne <johan.hat...@utsouthwestern.edu>. --- m4/selinux-context-h.m4.orig Sat Aug 28 17:44:38 2010 +++ m4/selinux-context-h.m4 Sat Aug 28 17:27:12 2010 @@ -1,4 +1,4 @@ -# serial 1 -*- Autoconf -*- +# serial 2 -*- Autoconf -*- # Copyright (C) 2006-2007, 2009-2010 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -9,8 +9,13 @@ AC_DEFUN([gl_HEADERS_SELINUX_CONTEXT_H], [ - AC_CHECK_HEADERS([selinux/context.h], - [SELINUX_CONTEXT_H=], - [SELINUX_CONTEXT_H=selinux/context.h]) + AC_REQUIRE([gl_LIBSELINUX]) + if test "$with_selinux" != no; then + AC_CHECK_HEADERS([selinux/context.h], + [SELINUX_CONTEXT_H=], + [SELINUX_CONTEXT_H=selinux/context.h]) + else + SELINUX_CONTEXT_H=selinux/context.h + fi AC_SUBST([SELINUX_CONTEXT_H]) ]) --- m4/selinux-selinux-h.m4.orig Sat Aug 28 17:44:38 2010 +++ m4/selinux-selinux-h.m4 Sat Aug 28 17:39:46 2010 @@ -1,4 +1,4 @@ -# serial 3 -*- Autoconf -*- +# serial 4 -*- Autoconf -*- # Copyright (C) 2006-2007, 2009-2010 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -12,41 +12,52 @@ AC_DEFUN([gl_HEADERS_SELINUX_SELINUX_H], [ AC_REQUIRE([gl_LIBSELINUX]) - AC_CHECK_HEADERS([selinux/selinux.h]) + if test "$with_selinux" != no; then + AC_CHECK_HEADERS([selinux/selinux.h]) - if test "$ac_cv_header_selinux_selinux_h" = yes; then - # We do have <selinux/selinux.h>, so do compile getfilecon.c - # and arrange to use its wrappers. - AC_LIBOBJ([getfilecon]) - gl_CHECK_NEXT_HEADERS([selinux/selinux.h]) - AC_DEFINE([getfilecon], [rpl_getfilecon], - [Always use our getfilecon wrapper.]) - AC_DEFINE([lgetfilecon], [rpl_lgetfilecon], - [Always use our lgetfilecon wrapper.]) - AC_DEFINE([fgetfilecon], [rpl_fgetfilecon], - [Always use our fgetfilecon wrapper.]) + if test "$ac_cv_header_selinux_selinux_h" = yes; then + # We do have <selinux/selinux.h>, so do compile getfilecon.c + # and arrange to use its wrappers. + AC_LIBOBJ([getfilecon]) + gl_CHECK_NEXT_HEADERS([selinux/selinux.h]) + AC_DEFINE([getfilecon], [rpl_getfilecon], + [Always use our getfilecon wrapper.]) + AC_DEFINE([lgetfilecon], [rpl_lgetfilecon], + [Always use our lgetfilecon wrapper.]) + AC_DEFINE([fgetfilecon], [rpl_fgetfilecon], + [Always use our fgetfilecon wrapper.]) + fi + + case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in + no:*) # already warned + ;; + *:no) + AC_MSG_WARN([libselinux was found but selinux/selinux.h is missing.]) + AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux support.]) + esac + else + : fi - - case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in - no:*) # already warned - ;; - *:no) - AC_MSG_WARN([libselinux was found but selinux/selinux.h is missing.]) - AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux support.]) - esac ]) AC_DEFUN([gl_LIBSELINUX], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_REQUIRE([AC_CANONICAL_BUILD]) + + AC_ARG_WITH([selinux], + AS_HELP_STRING([--without-selinux], [do not use SELinux, even on systems with SELinux]), + [], [with_selinux=maybe]) + LIB_SELINUX= - gl_save_LIBS=$LIBS - AC_SEARCH_LIBS([setfilecon], [selinux], - [test "$ac_cv_search_setfilecon" = "none required" || - LIB_SELINUX=$ac_cv_search_setfilecon]) + if test "$with_selinux" != no; then + gl_save_LIBS=$LIBS + AC_SEARCH_LIBS([setfilecon], [selinux], + [test "$ac_cv_search_setfilecon" = "none required" || + LIB_SELINUX=$ac_cv_search_setfilecon]) + LIBS=$gl_save_LIBS + fi AC_SUBST([LIB_SELINUX]) - LIBS=$gl_save_LIBS # Warn if SELinux is found but libselinux is absent; if test "$ac_cv_search_setfilecon" = no &&
