tags 861881 + patch
thanks
On Fri, 05 May 2017 12:36:22 +0200 Laurent Bigonville <bi...@debian.org>
wrote:
> Hi,
>
> It would be nice to enable labeled ipsec/SELinux support in libreswan.
>
> This would only work on Linux architectures.
See attached patch
Cheers,
Laurent Bigonville
diff -Nru libreswan-3.20/debian/control libreswan-3.20/debian/control
--- libreswan-3.20/debian/control 2017-03-21 21:14:19.000000000 +0100
+++ libreswan-3.20/debian/control 2017-05-05 12:38:19.000000000 +0200
@@ -14,6 +14,7 @@
debhelper (>= 10~),
flex,
htmldoc,
+ libaudit-dev [linux-any],
libcap-ng-dev,
libcurl4-nss-dev,
libevent-dev,
@@ -23,6 +24,7 @@
libnss3-dev (>= 3.16),
libnss3-tools,
libpam0g-dev,
+ libselinux1-dev [linux-any],
libsystemd-dev,
libunbound-dev,
man2html,
diff -Nru libreswan-3.20/debian/rules libreswan-3.20/debian/rules
--- libreswan-3.20/debian/rules 2017-03-21 21:14:19.000000000 +0100
+++ libreswan-3.20/debian/rules 2017-05-05 12:38:23.000000000 +0200
@@ -11,6 +11,12 @@
export USERCOMPILE = -fexceptions -fno-strict-aliasing -fPIE -DPIE
endif
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+ ENABLE_SELINUX = USE_LABELED_IPSEC=true USE_LINUX_AUDIT=true
+else
+ ENABLE_SELINUX = USE_LABELED_IPSEC=false USE_LINUX_AUDIT=false
+endif
+
override_dh_auto_build:
$(MAKE) programs \
INC_USRLOCAL=/usr \
@@ -23,7 +29,7 @@
USE_XAUTHPAM=true \
USE_FIPSCHECK=false \
USE_LIBCAP_NG=true \
- USE_LABELED_IPSEC=false \
+ $(ENABLE_SELINUX) \
USE_KLIPS=false \
USE_DNSSEC=true
