diff options
author | Paul Moore <paul@paul-moore.com> | 2016-12-21 10:39:25 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-12-21 10:39:25 -0500 |
commit | bfc5e3a6af397dcf9c99a6c1872458e7867c4680 (patch) | |
tree | 09d7f23ed281538d97ead3b78691f2a33eee29ff | |
parent | 9287aed2ad1ff1bde5eb190bcd6dccd5f1cf47d3 (diff) | |
download | pci-ep-bfc5e3a6af397dcf9c99a6c1872458e7867c4680.tar.gz |
selinux: use the kernel headers when building scripts/selinux
Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability
definitions") added a check on the defined capabilities without
explicitly including the capability header file which caused problems
when building genheaders for users of clang/llvm. Resolve this by
using the kernel headers when building genheaders, which is arguably
the right thing to do regardless, and explicitly including the
kernel's capability.h header file in classmap.h. We also update the
mdp build, even though it wasn't causing an error we really should
be using the headers from the kernel we are building.
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | scripts/selinux/genheaders/Makefile | 4 | ||||
-rw-r--r-- | scripts/selinux/genheaders/genheaders.c | 4 | ||||
-rw-r--r-- | scripts/selinux/mdp/Makefile | 4 | ||||
-rw-r--r-- | scripts/selinux/mdp/mdp.c | 4 | ||||
-rw-r--r-- | security/selinux/include/classmap.h | 2 |
5 files changed, 16 insertions, 2 deletions
diff --git a/scripts/selinux/genheaders/Makefile b/scripts/selinux/genheaders/Makefile index 1d1ac51359e3ab..6fc2b8789a0bf6 100644 --- a/scripts/selinux/genheaders/Makefile +++ b/scripts/selinux/genheaders/Makefile @@ -1,4 +1,6 @@ hostprogs-y := genheaders -HOST_EXTRACFLAGS += -Isecurity/selinux/include +HOST_EXTRACFLAGS += \ + -I$(srctree)/include/uapi -I$(srctree)/include \ + -I$(srctree)/security/selinux/include always := $(hostprogs-y) diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c index 539855ff31f977..f4dd41f900d5ce 100644 --- a/scripts/selinux/genheaders/genheaders.c +++ b/scripts/selinux/genheaders/genheaders.c @@ -1,3 +1,7 @@ + +/* NOTE: we really do want to use the kernel headers here */ +#define __EXPORTED_HEADERS__ + #include <stdio.h> #include <stdlib.h> #include <unistd.h> diff --git a/scripts/selinux/mdp/Makefile b/scripts/selinux/mdp/Makefile index dba7eff69a0096..d6a83cafe59f46 100644 --- a/scripts/selinux/mdp/Makefile +++ b/scripts/selinux/mdp/Makefile @@ -1,5 +1,7 @@ hostprogs-y := mdp -HOST_EXTRACFLAGS += -Isecurity/selinux/include +HOST_EXTRACFLAGS += \ + -I$(srctree)/include/uapi -I$(srctree)/include \ + -I$(srctree)/security/selinux/include always := $(hostprogs-y) clean-files := policy.* file_contexts diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c index e10beb11b696e4..c29fa4a6228d6f 100644 --- a/scripts/selinux/mdp/mdp.c +++ b/scripts/selinux/mdp/mdp.c @@ -24,6 +24,10 @@ * Authors: Serge E. Hallyn <serue@us.ibm.com> */ + +/* NOTE: we really do want to use the kernel headers here */ +#define __EXPORTED_HEADERS__ + #include <stdio.h> #include <stdlib.h> #include <unistd.h> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index e2d4ad3a4b4c5e..13ae49b0baa091 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -1,3 +1,5 @@ +#include <linux/capability.h> + #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append" |