[libvirt] [PATCH RFC] build: fix build with libselinux 2.3

Eric Blake eblake at redhat.com
Wed May 28 04:24:24 UTC 2014 

On 05/27/2014 10:05 PM, Jim Fehlig wrote:
> The attached patch is an attempt to fix recent build failures I've
> noticed with libselinux 2.3
> 
> CC       securityselinuxhelper.lo
> securityselinuxhelper.c:159:5: error: conflicting types for 'setcon_raw'
>  int setcon_raw(security_context_t context)
>      ^

> Noticing that security_context_t changed to 'const char *', my first
> thought was to use AC_CHECK_TYPE to check for security_conext_t, but
> alas the typedef remains in 2.3 with the comment "No longer used; here
> for compatibility with legacy callers".
> 
> I then pursued the approach in this patch of defining a config var based
> on 'pkg-config --modversion', which works in a test script, but not in
> the context of the LIBVIRT_CHECK_SELINUX macro.  Probably due to some
> missed quoting, but I'm reaching the m4 knowledge barrier.  Before
> attempting to bypass that, I'd like to see what others think of this
> approach.  Is there a simpler solution?

So the difference is deciding whether the const is present? It should be
possible to write an AC_COMPILE_IF test that passes or fails based on
whether you have a compatible redeclaration of the function.

> 
>    if test "$with_selinux" = "yes"; then
> +    AC_MSG_CHECKING([SELinux version])
> +    ver=$(pkg-config --modversion libselinux)
> +    major_ver=`echo $ver | awk -F. '{print $1}'`
> +    minor_ver=`echo $ver | awk -F. '{print $2}'`
> +    SELINUX_VER=`expr $major_ver + $minor_ver`
> +    AC_MSG_RESULT([$SELINUX_VER])
> +    if test $SELINUX_VER -ge 2003; then
> +       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
> +                          [SELinux uses char * for security context])
> +    fi

Eww.  Version-check tests are inherently fragile; we want to do a
feature check (does a const char * compile) not a version check.  I'll
take some time tomorrow to propose an alternative.  My idea is to define
a new macro VIR_SELINUX_CTX_CONST to either '' or 'const' depending on
which version builds, without messing around with fragile version checks.


Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140527/ffdb9d36/attachment-0001.sig>

More information about the libvir-list mailing list