commit: 832e916fb83bfbc7f8a2dabcf90fe53cc89facca Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Wed Apr 24 22:58:20 2019 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Wed Apr 24 22:58:20 2019 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=832e916f
selinux: use kernel linux/socket.h for genheaders and mdp Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 ++ 1520_selinux-genheaders-mdp-socket-h.patch | 101 +++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) diff --git a/0000_README b/0000_README index 08bf515..94d78d9 100644 --- a/0000_README +++ b/0000_README @@ -503,6 +503,10 @@ Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ Desc: Enable link security restrictions by default. +Patch: 1520_selinux-genheaders-mdp-socket-h.patch +From: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/ +Desc: selinux: use kernel linux/socket.h for genheaders and mdp. See bug #684278. + Patch: 1700_ia64_fix_ptrace.patch From: https://patchwork.kernel.org/patch/10198159/ Desc: ia64: fix ptrace(PTRACE_GETREGS) (unbreaks strace, gdb). diff --git a/1520_selinux-genheaders-mdp-socket-h.patch b/1520_selinux-genheaders-mdp-socket-h.patch new file mode 100644 index 0000000..fb87c12 --- /dev/null +++ b/1520_selinux-genheaders-mdp-socket-h.patch @@ -0,0 +1,101 @@ +From ff1bf4c0714e7936330bb316090a75eaa35061e7 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara <[email protected]> +Date: Sun, 24 Feb 2019 21:55:28 -0300 +Subject: selinux: use kernel linux/socket.h for genheaders and mdp + +When compiling genheaders and mdp from a newer host kernel, the +following error happens: + + In file included from scripts/selinux/genheaders/genheaders.c:18: + ./security/selinux/include/classmap.h:238:2: error: #error New + address family defined, please update secclass_map. #error New + address family defined, please update secclass_map. ^~~~~ + make[3]: *** [scripts/Makefile.host:107: + scripts/selinux/genheaders/genheaders] Error 1 make[2]: *** + [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2 + make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2 + make[1]: *** Waiting for unfinished jobs.... + +Instead of relying on the host definition, include linux/socket.h in +classmap.h to have PF_MAX. + +Signed-off-by: Paulo Alcantara <[email protected]> +Acked-by: Stephen Smalley <[email protected]> +[PM: manually merge in mdp.c, subject line tweaks] +Signed-off-by: Paul Moore <[email protected]> +--- + scripts/selinux/genheaders/genheaders.c | 1 - + 1 file changed, 1 deletion(-) + +(limited to 'scripts/selinux/genheaders/genheaders.c') + +diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c +index 1ceedea847dd..544ca126a8a8 100644 +--- a/scripts/selinux/genheaders/genheaders.c ++++ b/scripts/selinux/genheaders/genheaders.c +@@ -9,7 +9,6 @@ + #include <string.h> + #include <errno.h> + #include <ctype.h> +-#include <sys/socket.h> + + struct security_class_mapping { + const char *name; +-- +cgit 1.2-0.3.lf.el7 + +--- a/scripts/selinux/mdp/mdp.c 2019-04-24 18:49:29.253924874 -0400 ++++ b/scripts/selinux/mdp/mdp.c 2019-04-24 18:49:59.080183100 -0400 +@@ -32,7 +32,6 @@ + #include <stdlib.h> + #include <unistd.h> + #include <string.h> +-#include <sys/socket.h> + + static void usage(char *name) + { +From ff1bf4c0714e7936330bb316090a75eaa35061e7 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara <[email protected]> +Date: Sun, 24 Feb 2019 21:55:28 -0300 +Subject: selinux: use kernel linux/socket.h for genheaders and mdp + +When compiling genheaders and mdp from a newer host kernel, the +following error happens: + + In file included from scripts/selinux/genheaders/genheaders.c:18: + ./security/selinux/include/classmap.h:238:2: error: #error New + address family defined, please update secclass_map. #error New + address family defined, please update secclass_map. ^~~~~ + make[3]: *** [scripts/Makefile.host:107: + scripts/selinux/genheaders/genheaders] Error 1 make[2]: *** + [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2 + make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2 + make[1]: *** Waiting for unfinished jobs.... + +Instead of relying on the host definition, include linux/socket.h in +classmap.h to have PF_MAX. + +Signed-off-by: Paulo Alcantara <[email protected]> +Acked-by: Stephen Smalley <[email protected]> +[PM: manually merge in mdp.c, subject line tweaks] +Signed-off-by: Paul Moore <[email protected]> +--- + security/selinux/include/classmap.h | 1 + + 1 file changed, 1 insertion(+) + +(limited to 'security/selinux/include/classmap.h') + +diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h +index bd5fe0d3204a..201f7e588a29 100644 +--- a/security/selinux/include/classmap.h ++++ b/security/selinux/include/classmap.h +@@ -1,5 +1,6 @@ + /* SPDX-License-Identifier: GPL-2.0 */ + #include <linux/capability.h> ++#include <linux/socket.h> + + #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ + "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map" +-- +cgit 1.2-0.3.lf.el7 +
