Message-ID: <alpine.LRH.2.20.1612221731060.3046@namei.org>
Date:   Thu, 22 Dec 2016 17:32:22 +1100 (AEDT)
From:   James Morris <jmorris@...ei.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
cc:     linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, Paul Moore <paul@...l-moore.com>
Subject: [GIT PULL] SELinux fix for 4.10

Please pull.

From Paul: "A small SELinux patch to fix some clang/llvm compiler warnings
and ensure the tools under scripts work well in the face of kernel 
changes."


The following changes since commit 52bce91165e5f2db422b2b972e83d389e5e4725c:

  splice: reinstate SIGPIPE/EPIPE handling (2016-12-21 10:59:34 -0800)

are available in the git repository at:
  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

James Morris (1):
      Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/selinux into for-linus

Paul Moore (1):
      selinux: use the kernel headers when building scripts/selinux

 scripts/selinux/genheaders/Makefile     |    4 +++-
 scripts/selinux/genheaders/genheaders.c |    4 ++++
 scripts/selinux/mdp/Makefile            |    4 +++-
 scripts/selinux/mdp/mdp.c               |    4 ++++
 security/selinux/include/classmap.h     |    2 ++
 5 files changed, 16 insertions(+), 2 deletions(-)

---

commit bfc5e3a6af397dcf9c99a6c1872458e7867c4680
Author: Paul Moore <paul@...l-moore.com>
Date:   Wed Dec 21 10:39:25 2016 -0500

    selinux: use the kernel headers when building scripts/selinux
    
    Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability
    definitions") added a check on the defined capabilities without
    explicitly including the capability header file which caused problems
    when building genheaders for users of clang/llvm.  Resolve this by
    using the kernel headers when building genheaders, which is arguably
    the right thing to do regardless, and explicitly including the
    kernel's capability.h header file in classmap.h.  We also update the
    mdp build, even though it wasn't causing an error we really should
    be using the headers from the kernel we are building.
    
    Reported-by: Nicolas Iooss <nicolas.iooss@....org>
    Signed-off-by: Paul Moore <paul@...l-moore.com>

diff --git a/scripts/selinux/genheaders/Makefile b/scripts/selinux/genheaders/Makefile
index 1d1ac51..6fc2b87 100644
--- a/scripts/selinux/genheaders/Makefile
+++ b/scripts/selinux/genheaders/Makefile
@@ -1,4 +1,6 @@
 hostprogs-y	:= genheaders
-HOST_EXTRACFLAGS += -Isecurity/selinux/include
+HOST_EXTRACFLAGS += \
+	-I$(srctree)/include/uapi -I$(srctree)/include \
+	-I$(srctree)/security/selinux/include
 
 always		:= $(hostprogs-y)
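
Review bot: the two tree-wide paths added to HOST_EXTRACFLAGS, -I$(srctree)/include/uapi and -I$(srctree)/include, are searched before the host's system include directories, so a <linux/...> include pulled in by the host libc headers can now resolve to the kernel tree's copy instead of the installed one. The order of the two also matters for any header name that exists under both directories. A short comment in the Makefile stating that this is intended, and why include/uapi is listed first, would keep a later cleanup from reordering or trimming the list. Separately, the move from the relative -Isecurity/selinux/include to $(srctree)/security/selinux/include is a change in its own right that the commit message does not mention.
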
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 539855f..f4dd41f 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -1,3 +1,7 @@
+
+/* NOTE: we really do want to use the kernel headers here */
+#define __EXPORTED_HEADERS__
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
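
Review bot: the comment above "#define __EXPORTED_HEADERS__" says the kernel headers are wanted but not what the macro does or which check it satisfies, so a reader cannot tell whether it is still needed after a later header change; name that check in the comment. The hunk also turns the first line of genheaders.c into an empty line, which should be dropped. Since mdp.c receives the identical block, passing -D__EXPORTED_HEADERS__ through HOST_EXTRACFLAGS next to the new -I flags would keep the define beside the include paths it belongs with.
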
diff --git a/scripts/selinux/mdp/Makefile b/scripts/selinux/mdp/Makefile
index dba7eff..d6a83ca 100644
--- a/scripts/selinux/mdp/Makefile
+++ b/scripts/selinux/mdp/Makefile
@@ -1,5 +1,7 @@
 hostprogs-y	:= mdp
-HOST_EXTRACFLAGS += -Isecurity/selinux/include
+HOST_EXTRACFLAGS += \
+	-I$(srctree)/include/uapi -I$(srctree)/include \
+	-I$(srctree)/security/selinux/include
 
 always		:= $(hostprogs-y)
 clean-files	:= policy.* file_contexts
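
Review bot: the three -I flags on the new HOST_EXTRACFLAGS lines are an exact copy of the list added to scripts/selinux/genheaders/Makefile, so the two lists now have to be kept in step by hand. Consider defining the list once in a place both Makefiles can use, or at least add a comment in each pointing at the other.
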
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
index e10beb1..c29fa4a 100644
--- a/scripts/selinux/mdp/mdp.c
+++ b/scripts/selinux/mdp/mdp.c
@@ -24,6 +24,10 @@
  * Authors: Serge E. Hallyn <serue@...ibm.com>
  */
 
+
+/* NOTE: we really do want to use the kernel headers here */
+#define __EXPORTED_HEADERS__
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
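
Review bot: the added block opens with an empty "+" line directly after the existing empty context line that follows the header comment, leaving two consecutive blank lines before the NOTE comment; drop the added one. The define repeats what genheaders.c gets, and the same remark applies here: the comment should say what __EXPORTED_HEADERS__ is for rather than only that the kernel headers are wanted.
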
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index e2d4ad3..13ae49b 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -1,3 +1,5 @@
+#include <linux/capability.h>
+
 #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
     "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"
 
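
Review bot: with "#include <linux/capability.h>" at the top of classmap.h, every file that includes classmap.h, host tool or kernel code, must have a linux/capability.h reachable on its include path; for genheaders and mdp that holds only because of the -I flags added to their Makefiles in this same patch. A one-line comment above the include naming what classmap.h needs from capability.h would document the dependency for anyone including the header from elsewhere. The commit message refers to a check on the defined capabilities, but that check is not visible in this hunk.
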
