commit:     832e916fb83bfbc7f8a2dabcf90fe53cc89facca
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 22:58:20 2019 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:58:20 2019 +0000
URL:        https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=832e916f

selinux: use kernel linux/socket.h for genheaders and mdp

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 0000_README                                |   4 ++
 1520_selinux-genheaders-mdp-socket-h.patch | 101 +++++++++++++++++++++++++++++
 2 files changed, 105 insertions(+)

diff --git a/0000_README b/0000_README
index 08bf515..94d78d9 100644
--- a/0000_README
+++ b/0000_README
@@ -503,6 +503,10 @@ Patch:  
1510_fs-enable-link-security-restrictions-by-default.patch
 From:   
http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
 Desc:   Enable link security restrictions by default.
 
+Patch:  1520_selinux-genheaders-mdp-socket-h.patch
+From:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/
+Desc:   selinux: use kernel linux/socket.h for genheaders and mdp. See bug 
#684278.
+
 Patch:  1700_ia64_fix_ptrace.patch
 From:   https://patchwork.kernel.org/patch/10198159/
 Desc:   ia64: fix ptrace(PTRACE_GETREGS) (unbreaks strace, gdb).

diff --git a/1520_selinux-genheaders-mdp-socket-h.patch 
b/1520_selinux-genheaders-mdp-socket-h.patch
new file mode 100644
index 0000000..fb87c12
--- /dev/null
+++ b/1520_selinux-genheaders-mdp-socket-h.patch
@@ -0,0 +1,101 @@
+From ff1bf4c0714e7936330bb316090a75eaa35061e7 Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <[email protected]>
+Date: Sun, 24 Feb 2019 21:55:28 -0300
+Subject: selinux: use kernel linux/socket.h for genheaders and mdp
+
+When compiling genheaders and mdp from a newer host kernel, the
+following error happens:
+
+    In file included from scripts/selinux/genheaders/genheaders.c:18:
+    ./security/selinux/include/classmap.h:238:2: error: #error New
+    address family defined, please update secclass_map.  #error New
+    address family defined, please update secclass_map.  ^~~~~
+    make[3]: *** [scripts/Makefile.host:107:
+    scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
+    [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
+    make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
+    make[1]: *** Waiting for unfinished jobs....
+
+Instead of relying on the host definition, include linux/socket.h in
+classmap.h to have PF_MAX.
+
+Signed-off-by: Paulo Alcantara <[email protected]>
+Acked-by: Stephen Smalley <[email protected]>
+[PM: manually merge in mdp.c, subject line tweaks]
+Signed-off-by: Paul Moore <[email protected]>
+---
+ scripts/selinux/genheaders/genheaders.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+(limited to 'scripts/selinux/genheaders/genheaders.c')
+
+diff --git a/scripts/selinux/genheaders/genheaders.c 
b/scripts/selinux/genheaders/genheaders.c
+index 1ceedea847dd..544ca126a8a8 100644
+--- a/scripts/selinux/genheaders/genheaders.c
++++ b/scripts/selinux/genheaders/genheaders.c
+@@ -9,7 +9,6 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <ctype.h>
+-#include <sys/socket.h>
+ 
+ struct security_class_mapping {
+       const char *name;
+-- 
+cgit 1.2-0.3.lf.el7
+
+--- a/scripts/selinux/mdp/mdp.c        2019-04-24 18:49:29.253924874 -0400
++++ b/scripts/selinux/mdp/mdp.c        2019-04-24 18:49:59.080183100 -0400
+@@ -32,7 +32,6 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
+-#include <sys/socket.h>
+ 
+ static void usage(char *name)
+ {
+From ff1bf4c0714e7936330bb316090a75eaa35061e7 Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <[email protected]>
+Date: Sun, 24 Feb 2019 21:55:28 -0300
+Subject: selinux: use kernel linux/socket.h for genheaders and mdp
+
+When compiling genheaders and mdp from a newer host kernel, the
+following error happens:
+
+    In file included from scripts/selinux/genheaders/genheaders.c:18:
+    ./security/selinux/include/classmap.h:238:2: error: #error New
+    address family defined, please update secclass_map.  #error New
+    address family defined, please update secclass_map.  ^~~~~
+    make[3]: *** [scripts/Makefile.host:107:
+    scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
+    [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
+    make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
+    make[1]: *** Waiting for unfinished jobs....
+
+Instead of relying on the host definition, include linux/socket.h in
+classmap.h to have PF_MAX.
+
+Signed-off-by: Paulo Alcantara <[email protected]>
+Acked-by: Stephen Smalley <[email protected]>
+[PM: manually merge in mdp.c, subject line tweaks]
+Signed-off-by: Paul Moore <[email protected]>
+---
+ security/selinux/include/classmap.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+(limited to 'security/selinux/include/classmap.h')
+
+diff --git a/security/selinux/include/classmap.h 
b/security/selinux/include/classmap.h
+index bd5fe0d3204a..201f7e588a29 100644
+--- a/security/selinux/include/classmap.h
++++ b/security/selinux/include/classmap.h
+@@ -1,5 +1,6 @@
+ /* SPDX-License-Identifier: GPL-2.0 */
+ #include <linux/capability.h>
++#include <linux/socket.h>
+ 
+ #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
+     "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map"
+-- 
+cgit 1.2-0.3.lf.el7
+

Reply via email to