selinux: use the kernel headers when building scripts/selinux
authorPaul Moore <paul@paul-moore.com>
Wed, 21 Dec 2016 15:39:25 +0000 (10:39 -0500)
committerPaul Moore <paul@paul-moore.com>
Wed, 21 Dec 2016 15:39:25 +0000 (10:39 -0500)
Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability
definitions") added a check on the defined capabilities without
explicitly including the capability header file which caused problems
when building genheaders for users of clang/llvm.  Resolve this by
using the kernel headers when building genheaders, which is arguably
the right thing to do regardless, and explicitly including the
kernel's capability.h header file in classmap.h.  We also update the
mdp build, even though it wasn't causing an error we really should
be using the headers from the kernel we are building.

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
scripts/selinux/genheaders/Makefile
scripts/selinux/genheaders/genheaders.c
scripts/selinux/mdp/Makefile
scripts/selinux/mdp/mdp.c
security/selinux/include/classmap.h

index 1d1ac51359e3abe9ff1e32ebaba24de04f2909e9..6fc2b8789a0bf677f2ca874dab6eaec96ef4ca3b 100644 (file)
@@ -1,4 +1,6 @@
 hostprogs-y    := genheaders
-HOST_EXTRACFLAGS += -Isecurity/selinux/include
+HOST_EXTRACFLAGS += \
+       -I$(srctree)/include/uapi -I$(srctree)/include \
+       -I$(srctree)/security/selinux/include
 
 always         := $(hostprogs-y)
index 539855ff31f977f32a1afbc16b35c9bfc2df6387..f4dd41f900d5ce8a672479139938feb8b96105f9 100644 (file)
@@ -1,3 +1,7 @@
+
+/* NOTE: we really do want to use the kernel headers here */
+#define __EXPORTED_HEADERS__
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
index dba7eff69a00962e99ca2e34ff4a4f47da59f58b..d6a83cafe59f46d35df53048005be42a1fca6c90 100644 (file)
@@ -1,5 +1,7 @@
 hostprogs-y    := mdp
-HOST_EXTRACFLAGS += -Isecurity/selinux/include
+HOST_EXTRACFLAGS += \
+       -I$(srctree)/include/uapi -I$(srctree)/include \
+       -I$(srctree)/security/selinux/include
 
 always         := $(hostprogs-y)
 clean-files    := policy.* file_contexts
index e10beb11b696e4f6d289e3c74a7dddf970b1b66b..c29fa4a6228d6f59f9346721d4569cb15002b3c6 100644 (file)
  * Authors: Serge E. Hallyn <serue@us.ibm.com>
  */
 
+
+/* NOTE: we really do want to use the kernel headers here */
+#define __EXPORTED_HEADERS__
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
index e2d4ad3a4b4c5e01a063747a4286e1b51c05f697..13ae49b0baa091f3ca9202fd51e3a20e46d9b6f4 100644 (file)
@@ -1,3 +1,5 @@
+#include <linux/capability.h>
+
 #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
     "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"