build: avoid more selinux build failures

Handle both newer selinux libraries with mode_to_security_class(),
and systems without selinux at all.  We could easily adjust
gnulib to provide the necessary stubs for use by this module,
but it's more efficient to just stub out the module completely,
when not using selinux.

* src/selinux.h: Define stubs for the two module functions,
when SELinux is not available.
* src/selinux.c: Exclude all logic in preference for the stubs
when selinux isn't used.  Also when newer selinux libs are used,
don't use our conflicting static version of mode_to_security_class().
m4/jm-macros.m4: Check for the system mode_to_security_class().

diff --git a/m4/jm-macros.m4 b/m4/jm-macros.m4
index 3f95def860fefa6123172e3917587c33f5502a09..d7ccbab5c6f5a7cc3a069bd66d4a02182f5d4ccf 100644 (file)
--- a/m4/jm-macros.m4
+++ b/m4/jm-macros.m4
@@ -44,9 +44,11 @@ AC_DEFUN([coreutils_MACROS],
   # used by shred
   AC_CHECK_FUNCS_ONCE([directio])
 
-  # Used by install.c.
   coreutils_saved_libs=$LIBS
     LIBS="$LIBS $LIB_SELINUX"
+    # Used by selinux.c.
+    AC_CHECK_FUNCS([mode_to_security_class], [], [])
+    # Used by install.c.
     AC_CHECK_FUNCS([matchpathcon_init_prefix], [],
     [
       case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in

diff --git a/src/selinux.c b/src/selinux.c
index 405f5f61e59477fcc0902c260e58bf9966fda23b..c87e896895f455a8ece715b2e1a69121afa5a750 100644 (file)
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -29,8 +29,11 @@
 #include "quote.h"
 #include "selinux.h"
 
+#if HAVE_SELINUX_SELINUX_H
+
+# if ! HAVE_MODE_TO_SECURITY_CLASS
 /*
-  This function has being added to libselinux-2.1.12-5, but is here
+  This function has been added to libselinux-2.1.12-5, but is here
   for support with older versions of SELinux
 
   Translates a mode into an Internal SELinux security_class definition.
@@ -58,6 +61,7 @@ mode_to_security_class (mode_t m)
   errno = EINVAL;
   return 0;
 }
+# endif
 
 /*
   This function takes a PATH and a MODE and then asks SELinux what the label
@@ -108,7 +112,7 @@ defaultcon (char const *path, mode_t mode)
 {
   int rc = -1;
   security_context_t scon = NULL, tcon = NULL;
-  context_t scontext = NULL, tcontext = NULL;
+  context_t scontext = 0, tcontext = 0;
   const char *contype;
   char *constr;
   char *newpath = NULL;
@@ -179,7 +183,7 @@ restorecon_private (char const *path, bool local)
   int rc = -1;
   struct stat sb;
   security_context_t scon = NULL, tcon = NULL;
-  context_t scontext = NULL, tcontext = NULL;
+  context_t scontext = 0, tcontext = 0;
   const char *contype;
   char *constr;
   int fd;
@@ -328,3 +332,4 @@ restorecon (char const *path, bool recurse, bool local)
   free (newpath);
   return ok;
 }
+#endif

diff --git a/src/selinux.h b/src/selinux.h
index f60c083ac03a24de3df4e11a6eae5355aac78910..31771632ecdfa4a4eb80489cccc23bb36396d4e9 100644 (file)
--- a/src/selinux.h
+++ b/src/selinux.h
@@ -19,7 +19,21 @@
 #ifndef COREUTILS_SELINUX_H
 # define COREUTILS_SELINUX_H
 
+# if HAVE_SELINUX_SELINUX_H
+
 extern bool restorecon (char const *path, bool recurse, bool preserve);
 extern int defaultcon (char const *path, mode_t mode);
 
+# else
+
+static inline bool
+restorecon (char const *path, bool recurse, bool preserve)
+{ errno = ENOTSUP; return false; }
+
+static inline int
+defaultcon (char const *path, mode_t mode)
+{ errno = ENOTSUP; return -1; }
+
+# endif
+
 #endif