libselinux now has a pkgconfig file. Use it.
Also remove HAVE_NETLINK_AVC_ACQUIRE_FD tests, because we now require a version of libselinux that has it. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Reviewed-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
parent
9fc6b59d46
commit
2ecb9f7d86
|
@ -881,7 +881,6 @@ SELinuxObjectFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
sidput(obj->sid);
|
sidput(obj->sid);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
|
|
||||||
static int netlink_fd;
|
static int netlink_fd;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -895,7 +894,6 @@ SELinuxWakeupHandler(void *data, int err, void *read_mask)
|
||||||
if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
|
if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
|
||||||
avc_netlink_check_nb();
|
avc_netlink_check_nb();
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
void
|
void
|
||||||
SELinuxFlaskReset(void)
|
SELinuxFlaskReset(void)
|
||||||
|
@ -919,12 +917,10 @@ SELinuxFlaskReset(void)
|
||||||
|
|
||||||
/* Tear down SELinux stuff */
|
/* Tear down SELinux stuff */
|
||||||
audit_close(audit_fd);
|
audit_close(audit_fd);
|
||||||
#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
|
|
||||||
avc_netlink_release_fd();
|
avc_netlink_release_fd();
|
||||||
RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
|
RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
|
||||||
NULL);
|
NULL);
|
||||||
RemoveGeneralSocket(netlink_fd);
|
RemoveGeneralSocket(netlink_fd);
|
||||||
#endif
|
|
||||||
|
|
||||||
avc_destroy();
|
avc_destroy();
|
||||||
avc_active = 0;
|
avc_active = 0;
|
||||||
|
@ -992,12 +988,10 @@ SELinuxFlaskInit(void)
|
||||||
if (atom_client_ctx == BAD_RESOURCE)
|
if (atom_client_ctx == BAD_RESOURCE)
|
||||||
FatalError("SELinux: Failed to create atom\n");
|
FatalError("SELinux: Failed to create atom\n");
|
||||||
|
|
||||||
#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
|
|
||||||
netlink_fd = avc_netlink_acquire_fd();
|
netlink_fd = avc_netlink_acquire_fd();
|
||||||
AddGeneralSocket(netlink_fd);
|
AddGeneralSocket(netlink_fd);
|
||||||
RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
|
RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
|
||||||
NULL);
|
NULL);
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Register callbacks */
|
/* Register callbacks */
|
||||||
ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
|
ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
|
||||||
|
|
11
configure.ac
11
configure.ac
|
@ -1056,16 +1056,11 @@ if test "x$XSELINUX" = xyes; then
|
||||||
if test "x$XACE" != xyes; then
|
if test "x$XACE" != xyes; then
|
||||||
AC_MSG_ERROR([cannot build SELinux extension without X-ACE])
|
AC_MSG_ERROR([cannot build SELinux extension without X-ACE])
|
||||||
fi
|
fi
|
||||||
AC_CHECK_HEADERS([selinux/selinux.h selinux/avc.h], [], AC_MSG_ERROR([SELinux include files not found]))
|
|
||||||
AC_CHECK_LIB(selinux, avc_init, [], AC_MSG_ERROR([SELinux library not found]))
|
|
||||||
AC_CHECK_HEADERS([libaudit.h], [], AC_MSG_ERROR([SELinux extension requires audit system headers]))
|
AC_CHECK_HEADERS([libaudit.h], [], AC_MSG_ERROR([SELinux extension requires audit system headers]))
|
||||||
AC_CHECK_LIB(audit, audit_open, [], AC_MSG_ERROR([SELinux extension requires audit system library]))
|
AC_CHECK_LIB(audit, audit_open, [], AC_MSG_ERROR([SELinux extension requires audit system library]))
|
||||||
AC_CHECK_DECL(avc_netlink_acquire_fd,
|
PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.0.86])
|
||||||
[AC_DEFINE(HAVE_AVC_NETLINK_ACQUIRE_FD, 1, "Have avc_netlink_acquire_fd")],
|
SELINUX_LIBS="$SELINUX_LIBS -laudit"
|
||||||
[],
|
|
||||||
[#include <selinux/avc.h>])
|
|
||||||
AC_DEFINE(XSELINUX, 1, [Build SELinux extension])
|
AC_DEFINE(XSELINUX, 1, [Build SELinux extension])
|
||||||
SELINUX_LIB="-lselinux -laudit"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AM_CONDITIONAL(XCSECURITY, [test "x$XCSECURITY" = xyes])
|
AM_CONDITIONAL(XCSECURITY, [test "x$XCSECURITY" = xyes])
|
||||||
|
@ -1584,7 +1579,7 @@ if test "x$XORG" = xyes; then
|
||||||
AC_CHECK_FUNCS([pci_device_vgaarb_init])
|
AC_CHECK_FUNCS([pci_device_vgaarb_init])
|
||||||
LIBS=$SAVE_LIBS
|
LIBS=$SAVE_LIBS
|
||||||
CFLAGS=$SAVE_CFLAGS
|
CFLAGS=$SAVE_CFLAGS
|
||||||
XORG_SYS_LIBS="$XORG_SYS_LIBS $PCIACCESS_LIBS $GLX_SYS_LIBS $SELINUX_LIB"
|
XORG_SYS_LIBS="$XORG_SYS_LIBS $PCIACCESS_LIBS $GLX_SYS_LIBS $SELINUX_LIBS"
|
||||||
XORG_CFLAGS="$XORG_CFLAGS $PCIACCESS_CFLAGS"
|
XORG_CFLAGS="$XORG_CFLAGS $PCIACCESS_CFLAGS"
|
||||||
|
|
||||||
case $host_os in
|
case $host_os in
|
||||||
|
|
|
@ -446,6 +446,4 @@
|
||||||
#include "dix-config-apple-verbatim.h"
|
#include "dix-config-apple-verbatim.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#undef HAVE_AVC_NETLINK_ACQUIRE_FD
|
|
||||||
|
|
||||||
#endif /* _DIX_CONFIG_H_ */
|
#endif /* _DIX_CONFIG_H_ */
|
||||||
|
|
Loading…
Reference in New Issue
Block a user