[PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Guido Trentalancia]

Hello,

I am not able to build semodule from the current git unless the
following patch is applied.

Also, it would still be problematic if an outdated version of handle.h
is getting picked up directly from the root include directory (as it
happens now) and not from the local build directory... In other words,
the Makefile and build system should be modified so that the local
header files are picked up during each new build rather than the
system-wide ones from previous installations.

But at least this is a start:

Include <semanage/handle.h> for semodule_set_root() currently used by semodule

--- selinux-05092011/policycoreutils/semodule/semodule.c	2011-09-02 04:19:47.357716917 +0200
+++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c	2011-09-09 18:41:24.078319022 +0200
@@ -21,6 +21,7 @@
 #include <sys/types.h>
 
 #include <semanage/modules.h>
+#include <semanage/handle.h>
 
 enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
 	LIST_M, RELOAD


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Guido Trentalancia]

Heads-up. No patch is needed for the semanage files (as the new semanage/modules.h file already includes semanage/handle.h).

It's probably just the build system that needs to be modified to include the local header files during the build process instead of the already installed system-wide ones.

Otherwise the libraries need to be installed beforehand ?

Regards,

Guido

On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
> Hello,
> 
> I am not able to build semodule from the current git unless the
> following patch is applied.
> 
> Also, it would still be problematic if an outdated version of handle.h
> is getting picked up directly from the root include directory (as it
> happens now) and not from the local build directory... In other words,
> the Makefile and build system should be modified so that the local
> header files are picked up during each new build rather than the
> system-wide ones from previous installations.
> 
> But at least this is a start:
> 
> Include <semanage/handle.h> for semodule_set_root() currently used by semodule
> 
> --- selinux-05092011/policycoreutils/semodule/semodule.c	2011-09-02 04:19:47.357716917 +0200
> +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c	2011-09-09 18:41:24.078319022 +0200
> @@ -21,6 +21,7 @@
>  #include <sys/types.h>
>  
>  #include <semanage/modules.h>
> +#include <semanage/handle.h>
>  
>  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
>  	LIST_M, RELOAD
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Guido Trentalancia]

It only happens when building from git (because it uses the top-level
Makefile which is not being distributed with the released components).

On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
> Hello,
> 
> I am not able to build semodule from the current git unless the
> following patch is applied.
> 
> Also, it would still be problematic if an outdated version of handle.h
> is getting picked up directly from the root include directory (as it
> happens now) and not from the local build directory... In other words,
> the Makefile and build system should be modified so that the local
> header files are picked up during each new build rather than the
> system-wide ones from previous installations.
> 
> But at least this is a start:
> 
> Include <semanage/handle.h> for semodule_set_root() currently used by semodule
> 
> --- selinux-05092011/policycoreutils/semodule/semodule.c	2011-09-02 04:19:47.357716917 +0200
> +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c	2011-09-09 18:41:24.078319022 +0200
> @@ -21,6 +21,7 @@
>  #include <sys/types.h>
>  
>  #include <semanage/modules.h>
> +#include <semanage/handle.h>
>  
>  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
>  	LIST_M, RELOAD
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Eric Paris]

I'm also really annoyed by this at times, but I don't know what the
right answer is.

We really treat it like we have 5+ separate projects which just all
happen to live in the same git tree.  Thus to build libselinux you
must have already built and installed libsepol.  And then to build
libsemanage you need to have done that with both libsepol and
libselinux.  Then of course to get the builds and install right (on
Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
Its a mess, but I don't know what to do that's better....

-Eric

On Fri, Sep 9, 2011 at 1:17 PM, Guido Trentalancia
<guido@trentalancia.com> wrote:
> It only happens when building from git (because it uses the top-level
> Makefile which is not being distributed with the released components).
>
> On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
>> Hello,
>>
>> I am not able to build semodule from the current git unless the
>> following patch is applied.
>>
>> Also, it would still be problematic if an outdated version of handle.h
>> is getting picked up directly from the root include directory (as it
>> happens now) and not from the local build directory... In other words,
>> the Makefile and build system should be modified so that the local
>> header files are picked up during each new build rather than the
>> system-wide ones from previous installations.
>>
>> But at least this is a start:
>>
>> Include <semanage/handle.h> for semodule_set_root() currently used by semodule
>>
>> --- selinux-05092011/policycoreutils/semodule/semodule.c      2011-09-02 04:19:47.357716917 +0200
>> +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c        2011-09-09 18:41:24.078319022 +0200
>> @@ -21,6 +21,7 @@
>>  #include <sys/types.h>
>>
>>  #include <semanage/modules.h>
>> +#include <semanage/handle.h>
>>
>>  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
>>       LIST_M, RELOAD
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>>
>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Guido Trentalancia]

On Fri, 2011-09-09 at 19:17 +0200, Guido Trentalancia wrote:
> It only happens when building from git (because it uses the top-level
> Makefile which is not being distributed with the released components).

And a similar error happens with checkpolicy if a recent enough libsepol
is not already installed:

cc -g -Wall -Wshadow -O2 -pipe -fno-strict-aliasing -I. -I/usr/include
-o y.tab.o -c y.tab.c
In file included from policy_parse.y:53:0:
module_compiler.h:85:28: error: unknown type name filename_trans_rule_t
make: *** [y.tab.o] Error 1

> On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
> > Hello,
> > 
> > I am not able to build semodule from the current git unless the
> > following patch is applied.
> > 
> > Also, it would still be problematic if an outdated version of handle.h
> > is getting picked up directly from the root include directory (as it
> > happens now) and not from the local build directory... In other words,
> > the Makefile and build system should be modified so that the local
> > header files are picked up during each new build rather than the
> > system-wide ones from previous installations.
> > 
> > But at least this is a start:
> > 
> > Include <semanage/handle.h> for semodule_set_root() currently used by semodule
> > 
> > --- selinux-05092011/policycoreutils/semodule/semodule.c	2011-09-02 04:19:47.357716917 +0200
> > +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c	2011-09-09 18:41:24.078319022 +0200
> > @@ -21,6 +21,7 @@
> >  #include <sys/types.h>
> >  
> >  #include <semanage/modules.h>
> > +#include <semanage/handle.h>
> >  
> >  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
> >  	LIST_M, RELOAD
> > 
> > 
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > the words "unsubscribe selinux" without quotes as the message.
> > 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Guido Trentalancia]

On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> I'm also really annoyed by this at times, but I don't know what the
> right answer is.

Well, as long as it is a git-only thing, perhaps a README file would do.

It could be improved too...

For example, load_policy does not honour LIBDIR or SHLIBDIR:

--- selinux-05092011/policycoreutils/load_policy/Makefile	2011-09-02
04:19:47.317716618 +0200
+++ selinux-05092011-fix-LIBDIR/policycoreutils/load_policy/Makefile
2011-09-09 19:44:23.710064117 +0200
@@ -3,11 +3,12 @@ PREFIX ?= ${DESTDIR}/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/usr/lib
 LOCALEDIR ?= /usr/share/locale
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS
-DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 


> We really treat it like we have 5+ separate projects which just all
> happen to live in the same git tree.  Thus to build libselinux you
> must have already built and installed libsepol.  And then to build
> libsemanage you need to have done that with both libsepol and
> libselinux.  Then of course to get the builds and install right (on
> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> Its a mess, but I don't know what to do that's better....
> 
> -Eric
> 
> On Fri, Sep 9, 2011 at 1:17 PM, Guido Trentalancia
> <guido@trentalancia.com> wrote:
> > It only happens when building from git (because it uses the top-level
> > Makefile which is not being distributed with the released components).
> >
> > On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
> >> Hello,
> >>
> >> I am not able to build semodule from the current git unless the
> >> following patch is applied.
> >>
> >> Also, it would still be problematic if an outdated version of handle.h
> >> is getting picked up directly from the root include directory (as it
> >> happens now) and not from the local build directory... In other words,
> >> the Makefile and build system should be modified so that the local
> >> header files are picked up during each new build rather than the
> >> system-wide ones from previous installations.
> >>
> >> But at least this is a start:
> >>
> >> Include <semanage/handle.h> for semodule_set_root() currently used by semodule
> >>
> >> --- selinux-05092011/policycoreutils/semodule/semodule.c      2011-09-02 04:19:47.357716917 +0200
> >> +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c        2011-09-09 18:41:24.078319022 +0200
> >> @@ -21,6 +21,7 @@
> >>  #include <sys/types.h>
> >>
> >>  #include <semanage/modules.h>
> >> +#include <semanage/handle.h>
> >>
> >>  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
> >>       LIST_M, RELOAD
> >>
> >>
> >> --
> >> This message was distributed to subscribers of the selinux mailing list.
> >> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> >> the words "unsubscribe selinux" without quotes as the message.
> >>
> >
> >
> >
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > the words "unsubscribe selinux" without quotes as the message.
> >
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Fix LIBDIR usage for load_policy (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Guido Trentalancia]

On Fri, 2011-09-09 at 19:46 +0200, Guido Trentalancia wrote:
> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> > I'm also really annoyed by this at times, but I don't know what the
> > right answer is.
> 
> Well, as long as it is a git-only thing, perhaps a README file would do.
> 
> It could be improved too...
> 
> For example, load_policy does not honour LIBDIR or SHLIBDIR:

It was in a broken format and now I've also changed the subject. The
following one should be better:

--- selinux-05092011/policycoreutils/load_policy/Makefile	2011-09-02 04:19:47.317716618 +0200
+++ selinux-05092011-fix-LIBDIR/policycoreutils/load_policy/Makefile	2011-09-09 19:44:23.710064117 +0200
@@ -3,11 +3,12 @@ PREFIX ?= ${DESTDIR}/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/usr/lib
 LOCALEDIR ?= /usr/share/locale
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 

The top-level Makefile could be improved too perhaps...

> --- selinux-05092011/policycoreutils/load_policy/Makefile	2011-09-02
> 04:19:47.317716618 +0200
> +++ selinux-05092011-fix-LIBDIR/policycoreutils/load_policy/Makefile
> 2011-09-09 19:44:23.710064117 +0200
> @@ -3,11 +3,12 @@ PREFIX ?= ${DESTDIR}/usr
>  SBINDIR ?= $(DESTDIR)/sbin
>  USRSBINDIR ?= $(PREFIX)/sbin
>  MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/usr/lib
>  LOCALEDIR ?= /usr/share/locale
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS
> -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> +LDLIBS += -lsepol -lselinux -L$(LIBDIR)
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> 
> 
> > We really treat it like we have 5+ separate projects which just all
> > happen to live in the same git tree.  Thus to build libselinux you
> > must have already built and installed libsepol.  And then to build
> > libsemanage you need to have done that with both libsepol and
> > libselinux.  Then of course to get the builds and install right (on
> > Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> > for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> > Its a mess, but I don't know what to do that's better....
> > 
> > -Eric
> > 
> > On Fri, Sep 9, 2011 at 1:17 PM, Guido Trentalancia
> > <guido@trentalancia.com> wrote:
> > > It only happens when building from git (because it uses the top-level
> > > Makefile which is not being distributed with the released components).
> > >
> > > On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
> > >> Hello,
> > >>
> > >> I am not able to build semodule from the current git unless the
> > >> following patch is applied.
> > >>
> > >> Also, it would still be problematic if an outdated version of handle.h
> > >> is getting picked up directly from the root include directory (as it
> > >> happens now) and not from the local build directory... In other words,
> > >> the Makefile and build system should be modified so that the local
> > >> header files are picked up during each new build rather than the
> > >> system-wide ones from previous installations.
> > >>
> > >> But at least this is a start:
> > >>
> > >> Include <semanage/handle.h> for semodule_set_root() currently used by semodule
> > >>
> > >> --- selinux-05092011/policycoreutils/semodule/semodule.c      2011-09-02 04:19:47.357716917 +0200
> > >> +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c        2011-09-09 18:41:24.078319022 +0200
> > >> @@ -21,6 +21,7 @@
> > >>  #include <sys/types.h>
> > >>
> > >>  #include <semanage/modules.h>
> > >> +#include <semanage/handle.h>
> > >>
> > >>  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
> > >>       LIST_M, RELOAD
> > >>
> > >>
> > >> --
> > >> This message was distributed to subscribers of the selinux mailing list.
> > >> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > >> the words "unsubscribe selinux" without quotes as the message.
> > >>
> > >
> > >
> > >
> > > --
> > > This message was distributed to subscribers of the selinux mailing list.
> > > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > > the words "unsubscribe selinux" without quotes as the message.
> > >
> > 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

So either a top-level README file is introduced (to explictly recommend
to build the libraries first):

--- selinux-09092011-orig/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-09092011/README	2011-09-09 22:48:42.907857132 +0200
@@ -0,0 +1,21 @@
+INSTALLATION:
+
+First build and install the libraries (libsepol, libselinux and libsemanage) by typing
+"make" and then "make install" in each directory.
+
+Finally build and install the userspace tools (sepolgen, checkpolicy and policycoreutils) by
+typing "make" and then "make install" in each directory.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-fPIC -DSHARED" LDFLAGS="-ldl").
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+Please see the Makefile(s) for other environment variables that can be used.

And/or a warning could be printed out by the top-level Makefile:

--- selinux-09092011-orig/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-09092011/Makefile	2011-09-09 22:57:12.481152804 +0200
@@ -1,4 +1,6 @@
-SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
+SUBDIRS_BIN=sepolgen checkpolicy policycoreutils
+SUBDIRS_LIB=libsepol libselinux libsemanage
+SUBDIRS=$(SUBDIRS_LIB) $(SUBDIRS_BIN)
 PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
@@ -11,6 +13,10 @@ all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
 	done
+	@echo
+	@echo -n "Do not forget to install the libraries ($(SUBDIRS_LIB))"
+	@echo " before trying to build the userspace tools ($(SUBDIRS_BIN))."
+	@echo
 
 install-pywrap swigify:
 	@for subdir in $(PYSUBDIRS); do \

Or the top-level Makefile could install the libraries automatically
(really awful as it is and NOT recommended, however on my system it
works fine with CFLAGS="-fPIC -DSHARED" and LDFLAGS="-ldl"):

--- selinux-09092011-orig/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-09092011/Makefile	2011-09-09 23:12:12.135859761 +0200
@@ -1,4 +1,5 @@
-SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
+SUBDIRS=libsepol libselinux libsemanage
+SUBDIRS_BIN=sepolgen checkpolicy policycoreutils # policy
 PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
@@ -7,9 +8,20 @@ ifeq ($(DEBUG),1)
 	export LDFLAGS = -g
 endif
 
-all install relabel clean test indent:
+all relabel test indent:
 	@for subdir in $(SUBDIRS); do \
-		(cd $$subdir && $(MAKE) $@) || exit 1; \
+		(cd $$subdir && $(MAKE) $@ && $(MAKE) install) || exit 1; \
+	done
+	@for subdir_bin in $(SUBDIRS_BIN); do \
+		(cd $$subdir_bin && $(MAKE) $@) || exit 1; \
+	done
+
+install:
+	@for subdir in $(SUBDIRS); do \
+		(cd $$subdir && $(MAKE) install) || exit 1; \
+	done
+	@for subdir_bin in $(SUBDIRS_BIN); do \
+		(cd $$subdir_bin && $(MAKE) install) || exit 1; \
 	done
 
 install-pywrap swigify:
@@ -17,6 +29,14 @@ install-pywrap swigify:
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
 	done
 
+clean:
+	@for subdir in $(SUBDIRS); do \
+		(cd $$subdir && $(MAKE) $@) || exit 1; \
+	done
+	@for subdir_bin in $(SUBDIRS_BIN); do \
+		(cd $$subdir_bin && $(MAKE) $@) || exit 1; \
+	done
+
 distclean:
 	@for subdir in $(DISTCLEANSUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \

The above methods are intended to make the build process (for the
userspace git version only) a little bit more user-friendly since the
tools might not build if the libraries are not already installed on the
system (because, for example, some header files from the libraries are
getting included from the system-wide include directory rather than from
the local build tree).

A previosly posted patch to honour the environment variable LIBDIR in
load_policy is also suggested (both for git and released versions).

Regards,

Guido

On Fri, 2011-09-09 at 19:59 +0200, Guido Trentalancia wrote:
> On Fri, 2011-09-09 at 19:46 +0200, Guido Trentalancia wrote:
> > On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> > > I'm also really annoyed by this at times, but I don't know what the
> > > right answer is.
> > 
> > Well, as long as it is a git-only thing, perhaps a README file would do.
> > 
> > It could be improved too...
> > 
> > For example, load_policy does not honour LIBDIR or SHLIBDIR:
> 
> It was in a broken format and now I've also changed the subject. The
> following one should be better:
> 
> --- selinux-05092011/policycoreutils/load_policy/Makefile	2011-09-02 04:19:47.317716618 +0200
> +++ selinux-05092011-fix-LIBDIR/policycoreutils/load_policy/Makefile	2011-09-09 19:44:23.710064117 +0200
> @@ -3,11 +3,12 @@ PREFIX ?= ${DESTDIR}/usr
>  SBINDIR ?= $(DESTDIR)/sbin
>  USRSBINDIR ?= $(PREFIX)/sbin
>  MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/usr/lib
>  LOCALEDIR ?= /usr/share/locale
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> +LDLIBS += -lsepol -lselinux -L$(LIBDIR)
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> 
> The top-level Makefile could be improved too perhaps...
> 
> > --- selinux-05092011/policycoreutils/load_policy/Makefile	2011-09-02
> > 04:19:47.317716618 +0200
> > +++ selinux-05092011-fix-LIBDIR/policycoreutils/load_policy/Makefile
> > 2011-09-09 19:44:23.710064117 +0200
> > @@ -3,11 +3,12 @@ PREFIX ?= ${DESTDIR}/usr
> >  SBINDIR ?= $(DESTDIR)/sbin
> >  USRSBINDIR ?= $(PREFIX)/sbin
> >  MANDIR ?= $(PREFIX)/share/man
> > +LIBDIR ?= $(PREFIX)/usr/lib
> >  LOCALEDIR ?= /usr/share/locale
> >  
> >  CFLAGS ?= -Werror -Wall -W
> >  override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS
> > -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> > -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> > +LDLIBS += -lsepol -lselinux -L$(LIBDIR)
> >  
> >  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
> >  
> > 
> > 
> > > We really treat it like we have 5+ separate projects which just all
> > > happen to live in the same git tree.  Thus to build libselinux you
> > > must have already built and installed libsepol.  And then to build
> > > libsemanage you need to have done that with both libsepol and
> > > libselinux.  Then of course to get the builds and install right (on
> > > Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> > > for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> > > Its a mess, but I don't know what to do that's better....
> > > 
> > > -Eric
> > > 
> > > On Fri, Sep 9, 2011 at 1:17 PM, Guido Trentalancia
> > > <guido@trentalancia.com> wrote:
> > > > It only happens when building from git (because it uses the top-level
> > > > Makefile which is not being distributed with the released components).
> > > >
> > > > On Fri, 2011-09-09 at 19:01 +0200, Guido Trentalancia wrote:
> > > >> Hello,
> > > >>
> > > >> I am not able to build semodule from the current git unless the
> > > >> following patch is applied.
> > > >>
> > > >> Also, it would still be problematic if an outdated version of handle.h
> > > >> is getting picked up directly from the root include directory (as it
> > > >> happens now) and not from the local build directory... In other words,
> > > >> the Makefile and build system should be modified so that the local
> > > >> header files are picked up during each new build rather than the
> > > >> system-wide ones from previous installations.
> > > >>
> > > >> But at least this is a start:
> > > >>
> > > >> Include <semanage/handle.h> for semodule_set_root() currently used by semodule
> > > >>
> > > >> --- selinux-05092011/policycoreutils/semodule/semodule.c      2011-09-02 04:19:47.357716917 +0200
> > > >> +++ selinux-05092011-fix-semanage_set_root/policycoreutils/semodule/semodule.c        2011-09-09 18:41:24.078319022 +0200
> > > >> @@ -21,6 +21,7 @@
> > > >>  #include <sys/types.h>
> > > >>
> > > >>  #include <semanage/modules.h>
> > > >> +#include <semanage/handle.h>
> > > >>
> > > >>  enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
> > > >>       LIST_M, RELOAD
> > > >>
> > > >>
> > > >> --
> > > >> This message was distributed to subscribers of the selinux mailing list.
> > > >> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > > >> the words "unsubscribe selinux" without quotes as the message.
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > This message was distributed to subscribers of the selinux mailing list.
> > > > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > > > the words "unsubscribe selinux" without quotes as the message.
> > > >
> > > 
> > 
> > 
> > 
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > the words "unsubscribe selinux" without quotes as the message.
> > 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Joshua Brindle]

Guido Trentalancia wrote:
> -all install relabel clean test indent:
> +all relabel test indent:
>   	@for subdir in $(SUBDIRS); do \
> -		(cd $$subdir&&  $(MAKE) $@) || exit 1; \
> +		(cd $$subdir&&  $(MAKE) $@&&  $(MAKE) install) || exit 1; \
> +	done
> +	@for subdir_bin in $(SUBDIRS_BIN); do \
> +		(cd $$subdir_bin&&  $(MAKE) $@) || exit 1; \
> +	done
> +
> +install:
> +	@for subdir in $(SUBDIRS); do \
> +		(cd $$subdir&&  $(MAKE) install) || exit 1; \
> +	done
> +	@for subdir_bin in $(SUBDIRS_BIN); do \
> +		(cd $$subdir_bin&&  $(MAKE) install) || exit 1; \
>   	done
>
>   install-pywrap swigify:
> @@ -17,6 +29,14 @@ install-pywrap swigify:
>   		(cd $$subdir&&  $(MAKE) $@) || exit 1; \
>   	done
>

Nack. We can't require install in the build target and bail if it fails, this is 
completely unfriendly to developers who don't want to install all the libraries 
on their system during development, and those are the people using git.

If you are doing work on libselinux and you install it to your system before 
testing it locally you can easily break your machine and have to boot from a 
rescue disk.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

On Fri, 2011-09-09 at 17:37 -0400, Joshua Brindle wrote:
> Guido Trentalancia wrote:
> > -all install relabel clean test indent:
> > +all relabel test indent:
> >   	@for subdir in $(SUBDIRS); do \
> > -		(cd $$subdir&&  $(MAKE) $@) || exit 1; \
> > +		(cd $$subdir&&  $(MAKE) $@&&  $(MAKE) install) || exit 1; \
> > +	done
> > +	@for subdir_bin in $(SUBDIRS_BIN); do \
> > +		(cd $$subdir_bin&&  $(MAKE) $@) || exit 1; \
> > +	done
> > +
> > +install:
> > +	@for subdir in $(SUBDIRS); do \
> > +		(cd $$subdir&&  $(MAKE) install) || exit 1; \
> > +	done
> > +	@for subdir_bin in $(SUBDIRS_BIN); do \
> > +		(cd $$subdir_bin&&  $(MAKE) install) || exit 1; \
> >   	done
> >
> >   install-pywrap swigify:
> > @@ -17,6 +29,14 @@ install-pywrap swigify:
> >   		(cd $$subdir&&  $(MAKE) $@) || exit 1; \
> >   	done
> >
> 
> Nack. We can't require install in the build target and bail if it fails, this is 
> completely unfriendly to developers who don't want to install all the libraries 
> on their system during development, and those are the people using git.
> 
> If you are doing work on libselinux and you install it to your system before 
> testing it locally you can easily break your machine and have to boot from a 
> rescue disk.

Yes, sure, 100% agreed. It was clearly stated how dirty that was... It's
just good for a laugh ;-)

At the end, you can't really install anything without the user knowing
(and explicitly requiring) that.

But something like the other two solutions would probably be nice...

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

The following patch is probably even better as it actually sorts out the
problem rather than just printing out a warning (it can still be
combined with the creation of a top-level README file):

diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
--- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
@@ -12,7 +12,7 @@ YACC = bison -y
 
 CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
 
-override CFLAGS += -I. -I${INCLUDEDIR}
+override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
 
 CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
 	    policy_define.o
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/test/Makefile selinux-09092011-local-headers/checkpolicy/test/Makefile
--- selinux-09092011-orig/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-09092011-local-headers/checkpolicy/test/Makefile	2011-09-10 00:21:41.319968113 +0200
@@ -7,7 +7,7 @@ LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
 CFLAGS ?= -g -Wall -O2 -pipe
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 
 LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libselinux/src/Makefile selinux-09092011-local-headers/libselinux/src/Makefile
--- selinux-09092011-orig/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-09092011-local-headers/libselinux/src/Makefile	2011-09-10 00:19:29.083304085 +0200
@@ -54,7 +54,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENE
 OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
 RANLIB=ranlib
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsemanage/src/Makefile selinux-09092011-local-headers/libsemanage/src/Makefile
--- selinux-09092011-orig/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-09092011-local-headers/libsemanage/src/Makefile	2011-09-10 00:20:28.781620112 +0200
@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-s
 LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
 
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
+override CFLAGS += -I../include -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE 
 RANLIB=ranlib
 
 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/load_policy/Makefile selinux-09092011-local-headers/policycoreutils/load_policy/Makefile
--- selinux-09092011-orig/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-09092011-local-headers/policycoreutils/load_policy/Makefile	2011-09-10 00:23:15.891208602 +0200
@@ -6,7 +6,7 @@ MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I../../libsepol/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/newrole/Makefile selinux-09092011-local-headers/policycoreutils/newrole/Makefile
--- selinux-09092011-orig/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-09092011-local-headers/policycoreutils/newrole/Makefile	2011-09-10 00:23:33.847468496 +0200
@@ -22,7 +22,7 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/restorecond/Makefile selinux-09092011-local-headers/policycoreutils/restorecond/Makefile
--- selinux-09092011-orig/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-09092011-local-headers/policycoreutils/restorecond/Makefile	2011-09-10 00:27:35.744510642 +0200
@@ -6,7 +6,7 @@ INITDIR = $(DESTDIR)/etc/rc.d/init.d
 SELINUXDIR = $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
 LDLIBS += -lselinux -L$(PREFIX)/lib
 
 all: restorecond
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/run_init/Makefile selinux-09092011-local-headers/policycoreutils/run_init/Makefile
--- selinux-09092011-orig/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-09092011-local-headers/policycoreutils/run_init/Makefile	2011-09-10 00:23:55.251771687 +0200
@@ -9,7 +9,7 @@ PAMH = $(shell ls /usr/include/security/
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sandbox/Makefile selinux-09092011-local-headers/policycoreutils/sandbox/Makefile
--- selinux-09092011-orig/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-09092011-local-headers/policycoreutils/sandbox/Makefile	2011-09-10 00:24:11.399995764 +0200
@@ -7,7 +7,7 @@ SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -lcap-ng 
 
 all: sandbox seunshare sandboxX.sh start
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/secon/Makefile selinux-09092011-local-headers/policycoreutils/secon/Makefile
--- selinux-09092011-orig/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-09092011-local-headers/policycoreutils/secon/Makefile	2011-09-10 00:24:28.470228343 +0200
@@ -8,7 +8,7 @@ LIBDIR ?= ${PREFIX}/lib
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
 CFLAGS ?= $(WARNS) -O1
-override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 
+override CFLAGS += -DVERSION=\"$(VERSION)\" -I../../libselinux/include -I$(INCLUDEDIR) 
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: secon
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule/Makefile selinux-09092011-local-headers/policycoreutils/semodule/Makefile
--- selinux-09092011-orig/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-09092011-local-headers/policycoreutils/semodule/Makefile	2011-09-10 00:25:27.823003835 +0200
@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
 LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
 SEMODULE_OBJS = semodule.o
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_deps/Makefile selinux-09092011-local-headers/policycoreutils/semodule_deps/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-09092011-local-headers/policycoreutils/semodule_deps/Makefile	2011-09-10 00:26:35.478827621 +0200
@@ -6,7 +6,7 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 LDLIBS = $(LIBDIR)/libsepol.a
 
 all: semodule_deps
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_expand/Makefile selinux-09092011-local-headers/policycoreutils/semodule_expand/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-local-headers/policycoreutils/semodule_expand/Makefile	2011-09-10 00:26:12.535555150 +0200
@@ -6,7 +6,7 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 LDLIBS = -lsepol -lselinux -L$(LIBDIR)
 
 all: semodule_expand
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_link/Makefile selinux-09092011-local-headers/policycoreutils/semodule_link/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-local-headers/policycoreutils/semodule_link/Makefile	2011-09-10 00:25:50.349285012 +0200
@@ -6,7 +6,7 @@ MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 LDLIBS = -lsepol -lselinux -L$(LIBDIR)
 
 all: semodule_link
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_package/Makefile selinux-09092011-local-headers/policycoreutils/semodule_package/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-local-headers/policycoreutils/semodule_package/Makefile	2011-09-10 00:25:10.519782975 +0200
@@ -6,7 +6,7 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 LDLIBS = -lsepol -lselinux -L$(LIBDIR)
 
 all: semodule_package semodule_unpackage
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sestatus/Makefile selinux-09092011-local-headers/policycoreutils/sestatus/Makefile
--- selinux-09092011-orig/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-local-headers/policycoreutils/sestatus/Makefile	2011-09-10 00:24:43.633431325 +0200
@@ -6,7 +6,7 @@ ETCDIR ?= $(DESTDIR)/etc
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setfiles/Makefile selinux-09092011-local-headers/policycoreutils/setfiles/Makefile
--- selinux-09092011-orig/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-09092011-local-headers/policycoreutils/setfiles/Makefile	2011-09-10 00:22:27.735485936 +0200
@@ -6,7 +6,7 @@ LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+override CFLAGS += -I../../libsepol/include -I../../libselinux/include -I$(PREFIX)/include
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setsebool/Makefile selinux-09092011-local-headers/policycoreutils/setsebool/Makefile
--- selinux-09092011-orig/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-09092011-local-headers/policycoreutils/setsebool/Makefile	2011-09-10 00:27:16.895301985 +0200
@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
 LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
 SETSEBOOL_OBJS = setsebool.o
 

On Fri, 2011-09-09 at 17:37 -0400, Joshua Brindle wrote:
> Guido Trentalancia wrote:
> > -all install relabel clean test indent:
> > +all relabel test indent:
> >   	@for subdir in $(SUBDIRS); do \
> > -		(cd $$subdir&&  $(MAKE) $@) || exit 1; \
> > +		(cd $$subdir&&  $(MAKE) $@&&  $(MAKE) install) || exit 1; \
> > +	done
> > +	@for subdir_bin in $(SUBDIRS_BIN); do \
> > +		(cd $$subdir_bin&&  $(MAKE) $@) || exit 1; \
> > +	done
> > +
> > +install:
> > +	@for subdir in $(SUBDIRS); do \
> > +		(cd $$subdir&&  $(MAKE) install) || exit 1; \
> > +	done
> > +	@for subdir_bin in $(SUBDIRS_BIN); do \
> > +		(cd $$subdir_bin&&  $(MAKE) install) || exit 1; \
> >   	done
> >
> >   install-pywrap swigify:
> > @@ -17,6 +29,14 @@ install-pywrap swigify:
> >   		(cd $$subdir&&  $(MAKE) $@) || exit 1; \
> >   	done
> >
> 
> Nack. We can't require install in the build target and bail if it fails, this is 
> completely unfriendly to developers who don't want to install all the libraries 
> on their system during development, and those are the people using git.
> 
> If you are doing work on libselinux and you install it to your system before 
> testing it locally you can easily break your machine and have to boot from a 
> rescue disk.
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Eric Paris]

On 09/09/2011 06:35 PM, Guido Trentalancia wrote:
> The following patch is probably even better as it actually sorts out the
> problem rather than just printing out a warning (it can still be
> combined with the creation of a top-level README file):
> 
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
> --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> +++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
> @@ -12,7 +12,7 @@ YACC = bison -y
>  
>  CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
>  
> -override CFLAGS += -I. -I${INCLUDEDIR}
> +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}

I haven't checked, but can the makefiles then work when there is no
../libsepol/include?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

On Fri, 2011-09-09 at 19:07 -0400, Eric Paris wrote:
> On 09/09/2011 06:35 PM, Guido Trentalancia wrote:
> > The following patch is probably even better as it actually sorts out the
> > problem rather than just printing out a warning (it can still be
> > combined with the creation of a top-level README file):
> > 
> > diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
> > --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> > +++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
> > @@ -12,7 +12,7 @@ YACC = bison -y
> >  
> >  CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
> >  
> > -override CFLAGS += -I. -I${INCLUDEDIR}
> > +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
> 
> I haven't checked, but can the makefiles then work when there is no
> ../libsepol/include?

If ../libsepol/include does not exist and libsepol headers are not
installed under the standard location (${INCLUDEDIR}), then the above is
going to fail.

But why should libsepol/include be missing from git in the first
place ??

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Eric Paris]

On 09/09/2011 07:12 PM, Guido Trentalancia wrote:
> On Fri, 2011-09-09 at 19:07 -0400, Eric Paris wrote:
>> On 09/09/2011 06:35 PM, Guido Trentalancia wrote:
>>> The following patch is probably even better as it actually sorts out the
>>> problem rather than just printing out a warning (it can still be
>>> combined with the creation of a top-level README file):
>>>
>>> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
>>> --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
>>> +++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
>>> @@ -12,7 +12,7 @@ YACC = bison -y
>>>  
>>>  CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
>>>  
>>> -override CFLAGS += -I. -I${INCLUDEDIR}
>>> +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
>>
>> I haven't checked, but can the makefiles then work when there is no
>> ../libsepol/include?
> 
> If ../libsepol/include does not exist and libsepol headers are not
> installed under the standard location (${INCLUDEDIR}), then the above is
> going to fail.
> 
> But why should libsepol/include be missing from git in the first
> place ??

I agree that they must be in one or the other for it to build.  A number
of distros build these packages separately, rather than all at once.
Thus there would be no ../libsepol/include directory at all, but the
headers should be picked up by -I$(INCLUDEDIR).  As long as gcc doesn't
care that the directory doesn't exist, I actually like it.

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

On Fri, 2011-09-09 at 19:15 -0400, Eric Paris wrote:
> On 09/09/2011 07:12 PM, Guido Trentalancia wrote:
> > On Fri, 2011-09-09 at 19:07 -0400, Eric Paris wrote:
> >> On 09/09/2011 06:35 PM, Guido Trentalancia wrote:
> >>> The following patch is probably even better as it actually sorts out the
> >>> problem rather than just printing out a warning (it can still be
> >>> combined with the creation of a top-level README file):
> >>>
> >>> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
> >>> --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> >>> +++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
> >>> @@ -12,7 +12,7 @@ YACC = bison -y
> >>>  
> >>>  CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
> >>>  
> >>> -override CFLAGS += -I. -I${INCLUDEDIR}
> >>> +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
> >>
> >> I haven't checked, but can the makefiles then work when there is no
> >> ../libsepol/include?
> > 
> > If ../libsepol/include does not exist and libsepol headers are not
> > installed under the standard location (${INCLUDEDIR}), then the above is
> > going to fail.
> > 
> > But why should libsepol/include be missing from git in the first
> > place ??
> 
> I agree that they must be in one or the other for it to build.  A number
> of distros build these packages separately, rather than all at once.
> Thus there would be no ../libsepol/include directory at all, but the
> headers should be picked up by -I$(INCLUDEDIR).  As long as gcc doesn't
> care that the directory doesn't exist, I actually like it.
> 
> -Eric

gcc should only care that at least one version of the file can be found
if #include'd.

It still needs to be tested though. Can you try building the whole
userspace git using that patch ?

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

On Sat, 2011-09-10 at 01:25 +0200, Guido Trentalancia wrote:
> On Fri, 2011-09-09 at 19:15 -0400, Eric Paris wrote:
> > > But why should libsepol/include be missing from git in the first
> > > place ??
> > 
> > I agree that they must be in one or the other for it to build.  A number
> > of distros build these packages separately, rather than all at once.
> > Thus there would be no ../libsepol/include directory at all, but the
> > headers should be picked up by -I$(INCLUDEDIR).  As long as gcc doesn't
> > care that the directory doesn't exist, I actually like it.
> > 
> > -Eric
> 
> gcc should only care that at least one version of the file can be found
> if #include'd.
> 
> It still needs to be tested though. Can you try building the whole
> userspace git using that patch ?

I have just tested it again and I am still missing the following bit:

--- selinux-09092011-orig2/policycoreutils/semodule/Makefile	2011-09-10 01:40:34.249189544 +0200
+++ selinux-09092011-local-headers/policycoreutils/semodule/Makefile	2011-09-10 01:36:48.420940938 +0200
@@ -7,7 +7,7 @@ LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+LDLIBS = -L../../libselinux/src -L../../libsepol/src -L../../libsemanage/src -lsepol -lselinux -lsemanage
 SEMODULE_OBJS = semodule.o
 
 all: semodule
--- selinux-09092011-orig2/policycoreutils/setsebool/Makefile	2011-09-10 01:40:34.252189479 +0200
+++ selinux-09092011-local-headers/policycoreutils/setsebool/Makefile	2011-09-10 01:37:39.281235631 +0200
@@ -7,7 +7,7 @@ LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+LDLIBS = -L../../libselinux/src -L../../libsepol/src -L../../libsemanage/src -lsepol -lselinux -lsemanage
 SETSEBOOL_OBJS = setsebool.o
 
 all: setsebool

> Regards,
> 
> Guido



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

And I think I've just spotted another nasty issue:

--- selinux-09092011-orig2/libselinux/src/Makefile	2011-09-10 01:40:34.245189661 +0200
+++ selinux-09092011-test/libselinux/src/Makefile	2011-09-10 01:51:48.059079543 +0200
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
--- selinux-09092011-orig2/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-09092011-test/libsepol/src/Makefile	2011-09-10 01:52:00.402122321 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)

Regards,

Guido

On Sat, 2011-09-10 at 01:45 +0200, Guido Trentalancia wrote:
> On Sat, 2011-09-10 at 01:25 +0200, Guido Trentalancia wrote:
> > On Fri, 2011-09-09 at 19:15 -0400, Eric Paris wrote:
> > > > But why should libsepol/include be missing from git in the first
> > > > place ??
> > > 
> > > I agree that they must be in one or the other for it to build.  A number
> > > of distros build these packages separately, rather than all at once.
> > > Thus there would be no ../libsepol/include directory at all, but the
> > > headers should be picked up by -I$(INCLUDEDIR).  As long as gcc doesn't
> > > care that the directory doesn't exist, I actually like it.
> > > 
> > > -Eric
> > 
> > gcc should only care that at least one version of the file can be found
> > if #include'd.
> > 
> > It still needs to be tested though. Can you try building the whole
> > userspace git using that patch ?
> 
> I have just tested it again and I am still missing the following bit:
> 
> --- selinux-09092011-orig2/policycoreutils/semodule/Makefile	2011-09-10 01:40:34.249189544 +0200
> +++ selinux-09092011-local-headers/policycoreutils/semodule/Makefile	2011-09-10 01:36:48.420940938 +0200
> @@ -7,7 +7,7 @@ LIBDIR ?= ${PREFIX}/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
> +LDLIBS = -L../../libselinux/src -L../../libsepol/src -L../../libsemanage/src -lsepol -lselinux -lsemanage
>  SEMODULE_OBJS = semodule.o
>  
>  all: semodule
> --- selinux-09092011-orig2/policycoreutils/setsebool/Makefile	2011-09-10 01:40:34.252189479 +0200
> +++ selinux-09092011-local-headers/policycoreutils/setsebool/Makefile	2011-09-10 01:37:39.281235631 +0200
> @@ -7,7 +7,7 @@ LIBDIR ?= ${PREFIX}/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
> +LDLIBS = -L../../libselinux/src -L../../libsepol/src -L../../libsemanage/src -lsepol -lselinux -lsemanage
>  SETSEBOOL_OBJS = setsebool.o
>  
>  all: setsebool
> 
> > Regards,
> > 
> > Guido
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[RFC] Userspace git local build (was Re: [RFC] Userspace top-level Makefile)

[Guido Trentalancia]

The final version of the patch which works on my system is attached
below for further testing.

This patch is intended to make sure that the SELinux userspace libraries
and tools bundle from the git repository can be built from scratch
without requiring existing SELinux installations (in particular header
files). It should also fix a possible installation issue (creation of
symbolic links to shared libraries for libselinux and libsepol).

diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-final-local-build/checkpolicy/Makefile
--- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-09092011-final-local-build/checkpolicy/Makefile	2011-09-10 02:47:16.066676508 +0200
@@ -12,14 +12,14 @@ YACC = bison -y
 
 CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
 
-override CFLAGS += -I. -I${INCLUDEDIR}
+override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
 
 CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
 	    policy_define.o
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/test/Makefile selinux-09092011-final-local-build/checkpolicy/test/Makefile
--- selinux-09092011-orig/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-09092011-final-local-build/checkpolicy/test/Makefile	2011-09-10 02:44:50.695849882 +0200
@@ -7,9 +7,9 @@ LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
 CFLAGS ?= -g -Wall -O2 -pipe
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-L../../libselinux/src -lselinux -L../../libsepol/src -lsepol ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libselinux/src/Makefile selinux-09092011-final-local-build/libselinux/src/Makefile
--- selinux-09092011-orig/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-09092011-final-local-build/libselinux/src/Makefile	2011-09-10 02:44:02.015567636 +0200
@@ -54,7 +54,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENE
 OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
 RANLIB=ranlib
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsemanage/src/Makefile selinux-09092011-final-local-build/libsemanage/src/Makefile
--- selinux-09092011-orig/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-09092011-final-local-build/libsemanage/src/Makefile	2011-09-10 02:48:50.111197707 +0200
@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-s
 LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
 
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
+override CFLAGS += -I../include -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE 
 RANLIB=ranlib
 
 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsepol/src/Makefile selinux-09092011-final-local-build/libsepol/src/Makefile
--- selinux-09092011-orig/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-09092011-final-local-build/libsepol/src/Makefile	2011-09-10 01:58:06.437254998 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/load_policy/Makefile selinux-09092011-final-local-build/policycoreutils/load_policy/Makefile
--- selinux-09092011-orig/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-09092011-final-local-build/policycoreutils/load_policy/Makefile	2011-09-10 02:28:53.752122765 +0200
@@ -6,8 +6,8 @@ MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I../../libsepol/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/mcstrans/src/Makefile selinux-09092011-final-local-build/policycoreutils/mcstrans/src/Makefile
--- selinux-09092011-orig/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-09092011-final-local-build/policycoreutils/mcstrans/src/Makefile	2011-09-10 02:39:34.153967929 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -L../../../libselinux/src -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/mcstrans/utils/Makefile selinux-09092011-final-local-build/policycoreutils/mcstrans/utils/Makefile
--- selinux-09092011-orig/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-09092011-final-local-build/policycoreutils/mcstrans/utils/Makefile	2011-09-10 02:41:11.963560821 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -L../../../libselinux/src -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lpcre
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/newrole/Makefile selinux-09092011-final-local-build/policycoreutils/newrole/Makefile
--- selinux-09092011-orig/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-09092011-final-local-build/policycoreutils/newrole/Makefile	2011-09-10 01:58:14.064277530 +0200
@@ -22,7 +22,7 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/restorecond/Makefile selinux-09092011-final-local-build/policycoreutils/restorecond/Makefile
--- selinux-09092011-orig/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-09092011-final-local-build/policycoreutils/restorecond/Makefile	2011-09-10 01:58:14.064277530 +0200
@@ -6,7 +6,7 @@ INITDIR = $(DESTDIR)/etc/rc.d/init.d
 SELINUXDIR = $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
 LDLIBS += -lselinux -L$(PREFIX)/lib
 
 all: restorecond
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/run_init/Makefile selinux-09092011-final-local-build/policycoreutils/run_init/Makefile
--- selinux-09092011-orig/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-09092011-final-local-build/policycoreutils/run_init/Makefile	2011-09-10 01:58:14.064277530 +0200
@@ -9,7 +9,7 @@ PAMH = $(shell ls /usr/include/security/
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sandbox/Makefile selinux-09092011-final-local-build/policycoreutils/sandbox/Makefile
--- selinux-09092011-orig/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-09092011-final-local-build/policycoreutils/sandbox/Makefile	2011-09-10 01:58:14.064277530 +0200
@@ -7,7 +7,7 @@ SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -lcap-ng 
 
 all: sandbox seunshare sandboxX.sh start
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/secon/Makefile selinux-09092011-final-local-build/policycoreutils/secon/Makefile
--- selinux-09092011-orig/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-09092011-final-local-build/policycoreutils/secon/Makefile	2011-09-10 02:40:05.057152235 +0200
@@ -8,8 +8,8 @@ LIBDIR ?= ${PREFIX}/lib
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
 CFLAGS ?= $(WARNS) -O1
-override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 
-LDLIBS = -lselinux -L$(LIBDIR)
+override CFLAGS += -DVERSION=\"$(VERSION)\" -I../../libselinux/include -I$(INCLUDEDIR) 
+LDLIBS = -L../../libselinux/src -lselinux
 
 all: secon
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule/Makefile selinux-09092011-final-local-build/policycoreutils/semodule/Makefile
--- selinux-09092011-orig/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-09092011-final-local-build/policycoreutils/semodule/Makefile	2011-09-10 02:50:14.999662210 +0200
@@ -6,8 +6,8 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol -L../../libsemanage/src -lsemanage
 SEMODULE_OBJS = semodule.o
 
 all: semodule
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_deps/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_deps/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-09092011-final-local-build/policycoreutils/semodule_deps/Makefile	2011-09-10 02:30:24.767631670 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_expand/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_expand/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-final-local-build/policycoreutils/semodule_expand/Makefile	2011-09-10 02:30:08.252537492 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
 
 all: semodule_expand
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_link/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_link/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-final-local-build/policycoreutils/semodule_link/Makefile	2011-09-10 02:29:46.351416558 +0200
@@ -6,8 +6,8 @@ MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
 
 all: semodule_link
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_package/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_package/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-final-local-build/policycoreutils/semodule_package/Makefile	2011-09-10 02:29:22.305283135 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
 
 all: semodule_package semodule_unpackage
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sestatus/Makefile selinux-09092011-final-local-build/policycoreutils/sestatus/Makefile
--- selinux-09092011-orig/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-final-local-build/policycoreutils/sestatus/Makefile	2011-09-10 02:37:29.161194093 +0200
@@ -6,8 +6,8 @@ ETCDIR ?= $(DESTDIR)/etc
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS = -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDLIBS = -L../../libselinux/src -lselinux
 
 all: sestatus
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setfiles/Makefile selinux-09092011-final-local-build/policycoreutils/setfiles/Makefile
--- selinux-09092011-orig/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-09092011-final-local-build/policycoreutils/setfiles/Makefile	2011-09-10 02:28:17.323919113 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
-LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I../../libselinux/include -I$(PREFIX)/include
+LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
 	override CFLAGS += -DUSE_AUDIT
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setsebool/Makefile selinux-09092011-final-local-build/policycoreutils/setsebool/Makefile
--- selinux-09092011-orig/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-09092011-final-local-build/policycoreutils/setsebool/Makefile	2011-09-10 02:51:08.457950279 +0200
@@ -6,8 +6,8 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol -L../../libsemanage/src -lsemanage
 SETSEBOOL_OBJS = setsebool.o
 
 all: setsebool


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC v2] Userspace git local build (was Re: [RFC] Userspace git local build)

[Guido Trentalancia]

New version of the patch (v2) with a few fixes for policycoreutils tools
(new_role, restorecond, run_init). For further testing.

diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-make-arguments/checkpolicy/Makefile
--- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-09092011-make-arguments/checkpolicy/Makefile	2011-09-10 04:02:02.509326654 +0200
@@ -12,14 +12,14 @@ YACC = bison -y
 
 CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
 
-override CFLAGS += -I. -I${INCLUDEDIR}
+override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
 
 CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
 	    policy_define.o
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/test/Makefile selinux-09092011-make-arguments/checkpolicy/test/Makefile
--- selinux-09092011-orig/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-09092011-make-arguments/checkpolicy/test/Makefile	2011-09-10 04:02:52.698660334 +0200
@@ -7,9 +7,9 @@ LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
 CFLAGS ?= -g -Wall -O2 -pipe
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-L../../libsepol/src -lsepol -L../../libselinux/src -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libselinux/src/Makefile selinux-09092011-make-arguments/libselinux/src/Makefile
--- selinux-09092011-orig/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-09092011-make-arguments/libselinux/src/Makefile	2011-09-10 04:32:15.461418855 +0200
@@ -54,7 +54,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENE
 OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
 RANLIB=ranlib
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsemanage/src/Makefile selinux-09092011-make-arguments/libsemanage/src/Makefile
--- selinux-09092011-orig/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-09092011-make-arguments/libsemanage/src/Makefile	2011-09-10 04:01:26.231080278 +0200
@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-s
 LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
 
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
+override CFLAGS += -I../include -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE 
 RANLIB=ranlib
 
 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsepol/src/Makefile selinux-09092011-make-arguments/libsepol/src/Makefile
--- selinux-09092011-orig/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-09092011-make-arguments/libsepol/src/Makefile	2011-09-10 04:10:47.242613645 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/load_policy/Makefile selinux-09092011-make-arguments/policycoreutils/load_policy/Makefile
--- selinux-09092011-orig/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-09092011-make-arguments/policycoreutils/load_policy/Makefile	2011-09-10 04:03:52.381049637 +0200
@@ -6,8 +6,8 @@ MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I../../libsepol/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(PREFIX)/lib
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/mcstrans/src/Makefile selinux-09092011-make-arguments/policycoreutils/mcstrans/src/Makefile
--- selinux-09092011-orig/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-09092011-make-arguments/policycoreutils/mcstrans/src/Makefile	2011-09-10 04:14:18.767034008 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -L../../../libselinux/src -lselinux -L$(LIBDIR) -lcap -lpcre ../../../libsepol/src/libsepol.a
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/mcstrans/utils/Makefile selinux-09092011-make-arguments/policycoreutils/mcstrans/utils/Makefile
--- selinux-09092011-orig/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-09092011-make-arguments/policycoreutils/mcstrans/utils/Makefile	2011-09-10 04:14:56.866365477 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -L../../../libselinux/src -lselinux -L$(LIBDIR) -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/newrole/Makefile selinux-09092011-make-arguments/policycoreutils/newrole/Makefile
--- selinux-09092011-orig/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-09092011-make-arguments/policycoreutils/newrole/Makefile	2011-09-10 04:21:20.932405415 +0200
@@ -22,8 +22,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libselinux/src -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/restorecond/Makefile selinux-09092011-make-arguments/policycoreutils/restorecond/Makefile
--- selinux-09092011-orig/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-09092011-make-arguments/policycoreutils/restorecond/Makefile	2011-09-10 04:21:51.181626351 +0200
@@ -6,8 +6,8 @@ INITDIR = $(DESTDIR)/etc/rc.d/init.d
 SELINUXDIR = $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDLIBS += -L../../libselinux/src -lselinux -L$(PREFIX)/lib
 
 all: restorecond
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/run_init/Makefile selinux-09092011-make-arguments/policycoreutils/run_init/Makefile
--- selinux-09092011-orig/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-09092011-make-arguments/policycoreutils/run_init/Makefile	2011-09-10 04:21:11.156332555 +0200
@@ -9,8 +9,8 @@ PAMH = $(shell ls /usr/include/security/
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libselinux/src -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sandbox/Makefile selinux-09092011-make-arguments/policycoreutils/sandbox/Makefile
--- selinux-09092011-orig/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-09092011-make-arguments/policycoreutils/sandbox/Makefile	2011-09-10 03:56:03.643583917 +0200
@@ -7,7 +7,7 @@ SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -lcap-ng 
 
 all: sandbox seunshare sandboxX.sh start
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/secon/Makefile selinux-09092011-make-arguments/policycoreutils/secon/Makefile
--- selinux-09092011-orig/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-09092011-make-arguments/policycoreutils/secon/Makefile	2011-09-10 04:12:44.756319122 +0200
@@ -8,8 +8,8 @@ LIBDIR ?= ${PREFIX}/lib
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
 CFLAGS ?= $(WARNS) -O1
-override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 
-LDLIBS = -lselinux -L$(LIBDIR)
+override CFLAGS += -DVERSION=\"$(VERSION)\" -I../../libselinux/include -I$(INCLUDEDIR) 
+LDLIBS = -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: secon
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule/Makefile selinux-09092011-make-arguments/policycoreutils/semodule/Makefile
--- selinux-09092011-orig/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-09092011-make-arguments/policycoreutils/semodule/Makefile	2011-09-10 04:05:29.747668409 +0200
@@ -6,8 +6,8 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L../../libsemanage/src -lsemanage -L$(LIBDIR)
 SEMODULE_OBJS = semodule.o
 
 all: semodule
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_deps/Makefile selinux-09092011-make-arguments/policycoreutils/semodule_deps/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-09092011-make-arguments/policycoreutils/semodule_deps/Makefile	2011-09-10 04:06:45.471140516 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_expand/Makefile selinux-09092011-make-arguments/policycoreutils/semodule_expand/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-make-arguments/policycoreutils/semodule_expand/Makefile	2011-09-10 04:06:25.648017641 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: semodule_expand
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_link/Makefile selinux-09092011-make-arguments/policycoreutils/semodule_link/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-make-arguments/policycoreutils/semodule_link/Makefile	2011-09-10 04:06:01.400865966 +0200
@@ -6,8 +6,8 @@ MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: semodule_link
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_package/Makefile selinux-09092011-make-arguments/policycoreutils/semodule_package/Makefile
--- selinux-09092011-orig/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-make-arguments/policycoreutils/semodule_package/Makefile	2011-09-10 04:04:22.508241950 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: semodule_package semodule_unpackage
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sestatus/Makefile selinux-09092011-make-arguments/policycoreutils/sestatus/Makefile
--- selinux-09092011-orig/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-09092011-make-arguments/policycoreutils/sestatus/Makefile	2011-09-10 04:16:09.041975507 +0200
@@ -6,8 +6,8 @@ ETCDIR ?= $(DESTDIR)/etc
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS = -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDLIBS = -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: sestatus
 
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setfiles/Makefile selinux-09092011-make-arguments/policycoreutils/setfiles/Makefile
--- selinux-09092011-orig/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-09092011-make-arguments/policycoreutils/setfiles/Makefile	2011-09-10 04:03:24.842870117 +0200
@@ -6,8 +6,8 @@ LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
-LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I../../libsepol/include -I$(PREFIX)/include
+LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
 	override CFLAGS += -DUSE_AUDIT
diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setsebool/Makefile selinux-09092011-make-arguments/policycoreutils/setsebool/Makefile
--- selinux-09092011-orig/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-09092011-make-arguments/policycoreutils/setsebool/Makefile	2011-09-10 04:07:20.576357124 +0200
@@ -6,8 +6,8 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= ${PREFIX}/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L../../libsemanage/src -lsemanage -L$(LIBDIR)
 SETSEBOOL_OBJS = setsebool.o
 
 all: setsebool

On Sat, 2011-09-10 at 03:04 +0200, Guido Trentalancia wrote:
> The final version of the patch which works on my system is attached
> below for further testing.
> 
> This patch is intended to make sure that the SELinux userspace libraries
> and tools bundle from the git repository can be built from scratch
> without requiring existing SELinux installations (in particular header
> files). It should also fix a possible installation issue (creation of
> symbolic links to shared libraries for libselinux and libsepol).
> 
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-final-local-build/checkpolicy/Makefile
> --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> +++ selinux-09092011-final-local-build/checkpolicy/Makefile	2011-09-10 02:47:16.066676508 +0200
> @@ -12,14 +12,14 @@ YACC = bison -y
>  
>  CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
>  
> -override CFLAGS += -I. -I${INCLUDEDIR}
> +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
>  
>  CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
>  	    policy_define.o
>  CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
>  CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
>  
> -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  GENERATED=lex.yy.c y.tab.c y.tab.h
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/test/Makefile selinux-09092011-final-local-build/checkpolicy/test/Makefile
> --- selinux-09092011-orig/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
> +++ selinux-09092011-final-local-build/checkpolicy/test/Makefile	2011-09-10 02:44:50.695849882 +0200
> @@ -7,9 +7,9 @@ LIBDIR=$(PREFIX)/lib
>  INCLUDEDIR ?= $(PREFIX)/include
>  
>  CFLAGS ?= -g -Wall -O2 -pipe
> -override CFLAGS += -I$(INCLUDEDIR)
> +override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
>  
> -LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
> +LDLIBS=-L../../libselinux/src -lselinux -L../../libsepol/src -lsepol ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  all: dispol dismod
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libselinux/src/Makefile selinux-09092011-final-local-build/libselinux/src/Makefile
> --- selinux-09092011-orig/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
> +++ selinux-09092011-final-local-build/libselinux/src/Makefile	2011-09-10 02:44:02.015567636 +0200
> @@ -54,7 +54,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENE
>  OBJS= $(patsubst %.c,%.o,$(SRCS))
>  LOBJS= $(patsubst %.c,%.lo,$(SRCS))
>  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
> -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> +override CFLAGS += -I../include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
>  RANLIB=ranlib
>  
>  ARCH := $(patsubst i%86,i386,$(shell uname -m))
> @@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
>  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
>  
>  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
>  
>  %.o:  %.c policy.h
>  	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
> @@ -126,7 +126,7 @@ install: all
>  	install -m 755 $(LIBSO) $(SHLIBDIR)
>  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> +	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
>  
>  install-pywrap: pywrap
>  	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsemanage/src/Makefile selinux-09092011-final-local-build/libsemanage/src/Makefile
> --- selinux-09092011-orig/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
> +++ selinux-09092011-final-local-build/libsemanage/src/Makefile	2011-09-10 02:48:50.111197707 +0200
> @@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-s
>  LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
>  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
>  
> -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
> +override CFLAGS += -I../include -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE 
>  RANLIB=ranlib
>  
>  SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
> @@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
>  	$(RANLIB) $@
>  
>  $(LIBSO): $(LOBJS)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>  	ln -sf $@ $(TARGET)
>  
>  $(LIBPC): $(LIBPC).in
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/libsepol/src/Makefile selinux-09092011-final-local-build/libsepol/src/Makefile
> --- selinux-09092011-orig/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
> +++ selinux-09092011-final-local-build/libsepol/src/Makefile	2011-09-10 01:58:06.437254998 +0200
> @@ -43,7 +43,7 @@ install: all
>  	install -m 755 $(LIBSO) $(SHLIBDIR)
>  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> +	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
>  
>  relabel:
>  	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/load_policy/Makefile selinux-09092011-final-local-build/policycoreutils/load_policy/Makefile
> --- selinux-09092011-orig/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/load_policy/Makefile	2011-09-10 02:28:53.752122765 +0200
> @@ -6,8 +6,8 @@ MANDIR ?= $(PREFIX)/share/man
>  LOCALEDIR ?= /usr/share/locale
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> +override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I../../libsepol/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/mcstrans/src/Makefile selinux-09092011-final-local-build/policycoreutils/mcstrans/src/Makefile
> --- selinux-09092011-orig/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/mcstrans/src/Makefile	2011-09-10 02:39:34.153967929 +0200
> @@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
>  all: $(PROG)
>  
>  $(PROG): $(PROG_OBJS)
> -	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
> +	$(CC) $(LDFLAGS) -pie -o $@ $^ -L../../../libselinux/src -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
>  
>  %.o:  %.c 
>  	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/mcstrans/utils/Makefile selinux-09092011-final-local-build/policycoreutils/mcstrans/utils/Makefile
> --- selinux-09092011-orig/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/mcstrans/utils/Makefile	2011-09-10 02:41:11.963560821 +0200
> @@ -21,7 +21,7 @@ endif
>  
>  CFLAGS ?= -Wall
>  override CFLAGS += -I../src -D_GNU_SOURCE
> -LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
> +LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -L../../../libselinux/src -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lpcre
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/newrole/Makefile selinux-09092011-final-local-build/policycoreutils/newrole/Makefile
> --- selinux-09092011-orig/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/newrole/Makefile	2011-09-10 01:58:14.064277530 +0200
> @@ -22,7 +22,7 @@ VERSION = $(shell cat ../VERSION)
>  
>  CFLAGS ?= -Werror -Wall -W
>  EXTRA_OBJS =
> -override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
>  LDLIBS += -lselinux -L$(PREFIX)/lib
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/restorecond/Makefile selinux-09092011-final-local-build/policycoreutils/restorecond/Makefile
> --- selinux-09092011-orig/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/restorecond/Makefile	2011-09-10 01:58:14.064277530 +0200
> @@ -6,7 +6,7 @@ INITDIR = $(DESTDIR)/etc/rc.d/init.d
>  SELINUXDIR = $(DESTDIR)/etc/selinux
>  
>  CFLAGS ?= -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> +override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
>  LDLIBS += -lselinux -L$(PREFIX)/lib
>  
>  all: restorecond
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/run_init/Makefile selinux-09092011-final-local-build/policycoreutils/run_init/Makefile
> --- selinux-09092011-orig/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/run_init/Makefile	2011-09-10 01:58:14.064277530 +0200
> @@ -9,7 +9,7 @@ PAMH = $(shell ls /usr/include/security/
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
>  LDLIBS += -lselinux -L$(PREFIX)/lib
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sandbox/Makefile selinux-09092011-final-local-build/policycoreutils/sandbox/Makefile
> --- selinux-09092011-orig/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/sandbox/Makefile	2011-09-10 01:58:14.064277530 +0200
> @@ -7,7 +7,7 @@ SBINDIR ?= $(PREFIX)/sbin
>  MANDIR ?= $(PREFIX)/share/man
>  LOCALEDIR ?= /usr/share/locale
>  SHAREDIR ?= $(PREFIX)/share/sandbox
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
> +override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
>  LDLIBS += -lselinux -lcap-ng 
>  
>  all: sandbox seunshare sandboxX.sh start
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/secon/Makefile selinux-09092011-final-local-build/policycoreutils/secon/Makefile
> --- selinux-09092011-orig/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/secon/Makefile	2011-09-10 02:40:05.057152235 +0200
> @@ -8,8 +8,8 @@ LIBDIR ?= ${PREFIX}/lib
>  WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
>  VERSION = $(shell cat ../VERSION)
>  CFLAGS ?= $(WARNS) -O1
> -override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 
> -LDLIBS = -lselinux -L$(LIBDIR)
> +override CFLAGS += -DVERSION=\"$(VERSION)\" -I../../libselinux/include -I$(INCLUDEDIR) 
> +LDLIBS = -L../../libselinux/src -lselinux
>  
>  all: secon
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule/Makefile selinux-09092011-final-local-build/policycoreutils/semodule/Makefile
> --- selinux-09092011-orig/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/semodule/Makefile	2011-09-10 02:50:14.999662210 +0200
> @@ -6,8 +6,8 @@ MANDIR = $(PREFIX)/share/man
>  LIBDIR ?= ${PREFIX}/lib
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
> +override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
> +LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol -L../../libsemanage/src -lsemanage
>  SEMODULE_OBJS = semodule.o
>  
>  all: semodule
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_deps/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_deps/Makefile
> --- selinux-09092011-orig/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/semodule_deps/Makefile	2011-09-10 02:30:24.767631670 +0200
> @@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = $(LIBDIR)/libsepol.a
> +override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
> +LDLIBS = ../../libsepol/src/libsepol.a
>  
>  all: semodule_deps
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_expand/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_expand/Makefile
> --- selinux-09092011-orig/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/semodule_expand/Makefile	2011-09-10 02:30:08.252537492 +0200
> @@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -L$(LIBDIR)
> +override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
> +LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
>  
>  all: semodule_expand
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_link/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_link/Makefile
> --- selinux-09092011-orig/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/semodule_link/Makefile	2011-09-10 02:29:46.351416558 +0200
> @@ -6,8 +6,8 @@ MANDIR ?= $(PREFIX)/share/man
>  LIBDIR ?= ${PREFIX}/lib
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -L$(LIBDIR)
> +override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
> +LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
>  
>  all: semodule_link
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/semodule_package/Makefile selinux-09092011-final-local-build/policycoreutils/semodule_package/Makefile
> --- selinux-09092011-orig/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/semodule_package/Makefile	2011-09-10 02:29:22.305283135 +0200
> @@ -6,8 +6,8 @@ LIBDIR ?= ${PREFIX}/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -L$(LIBDIR)
> +override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
> +LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux
>  
>  all: semodule_package semodule_unpackage
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/sestatus/Makefile selinux-09092011-final-local-build/policycoreutils/sestatus/Makefile
> --- selinux-09092011-orig/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/sestatus/Makefile	2011-09-10 02:37:29.161194093 +0200
> @@ -6,8 +6,8 @@ ETCDIR ?= $(DESTDIR)/etc
>  LIBDIR ?= ${PREFIX}/lib
>  
>  CFLAGS = -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> -LDLIBS = -lselinux -L$(LIBDIR)
> +override CFLAGS += -I../../libselinux/include -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> +LDLIBS = -L../../libselinux/src -lselinux
>  
>  all: sestatus
>  
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setfiles/Makefile selinux-09092011-final-local-build/policycoreutils/setfiles/Makefile
> --- selinux-09092011-orig/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/setfiles/Makefile	2011-09-10 02:28:17.323919113 +0200
> @@ -6,8 +6,8 @@ LIBDIR ?= $(PREFIX)/lib
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
>  CFLAGS = -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include
> -LDLIBS = -lselinux -lsepol -L$(LIBDIR)
> +override CFLAGS += -I../../libsepol/include -I../../libselinux/include -I$(PREFIX)/include
> +LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol
>  
>  ifeq (${AUDITH}, /usr/include/libaudit.h)
>  	override CFLAGS += -DUSE_AUDIT
> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/policycoreutils/setsebool/Makefile selinux-09092011-final-local-build/policycoreutils/setsebool/Makefile
> --- selinux-09092011-orig/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-09092011-final-local-build/policycoreutils/setsebool/Makefile	2011-09-10 02:51:08.457950279 +0200
> @@ -6,8 +6,8 @@ MANDIR = $(PREFIX)/share/man
>  LIBDIR ?= ${PREFIX}/lib
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
> +override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
> +LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol -L../../libsemanage/src -lsemanage
>  SETSEBOOL_OBJS = setsebool.o
>  
>  all: setsebool
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Joshua Brindle]

Eric Paris wrote:
> On 09/09/2011 07:12 PM, Guido Trentalancia wrote:
>> On Fri, 2011-09-09 at 19:07 -0400, Eric Paris wrote:
>>> On 09/09/2011 06:35 PM, Guido Trentalancia wrote:
>>>> The following patch is probably even better as it actually sorts out the
>>>> problem rather than just printing out a warning (it can still be
>>>> combined with the creation of a top-level README file):
>>>>
>>>> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
>>>> --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
>>>> +++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
>>>> @@ -12,7 +12,7 @@ YACC = bison -y
>>>>
>>>>   CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
>>>>
>>>> -override CFLAGS += -I. -I${INCLUDEDIR}
>>>> +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
>>> I haven't checked, but can the makefiles then work when there is no
>>> ../libsepol/include?
>> If ../libsepol/include does not exist and libsepol headers are not
>> installed under the standard location (${INCLUDEDIR}), then the above is
>> going to fail.
>>
>> But why should libsepol/include be missing from git in the first
>> place ??
>
> I agree that they must be in one or the other for it to build.  A number
> of distros build these packages separately, rather than all at once.
> Thus there would be no ../libsepol/include directory at all, but the
> headers should be picked up by -I$(INCLUDEDIR).  As long as gcc doesn't
> care that the directory doesn't exist, I actually like it.
>

gcc doesn't care and I swear we use to have ../ directories in the 
include path, not sure what happened to those :X

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Guido Trentalancia]

On Sun, 2011-09-11 at 19:22 -0400, Joshua Brindle wrote:
> Eric Paris wrote:
> > On 09/09/2011 07:12 PM, Guido Trentalancia wrote:
> >> On Fri, 2011-09-09 at 19:07 -0400, Eric Paris wrote:
> >>> On 09/09/2011 06:35 PM, Guido Trentalancia wrote:
> >>>> The following patch is probably even better as it actually sorts out the
> >>>> problem rather than just printing out a warning (it can still be
> >>>> combined with the creation of a top-level README file):
> >>>>
> >>>> diff -x '*.po' -x '*.pot' -pru selinux-09092011-orig/checkpolicy/Makefile selinux-09092011-local-headers/checkpolicy/Makefile
> >>>> --- selinux-09092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> >>>> +++ selinux-09092011-local-headers/checkpolicy/Makefile	2011-09-10 00:21:16.242852130 +0200
> >>>> @@ -12,7 +12,7 @@ YACC = bison -y
> >>>>
> >>>>   CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
> >>>>
> >>>> -override CFLAGS += -I. -I${INCLUDEDIR}
> >>>> +override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
> >>> I haven't checked, but can the makefiles then work when there is no
> >>> ../libsepol/include?
> >> If ../libsepol/include does not exist and libsepol headers are not
> >> installed under the standard location (${INCLUDEDIR}), then the above is
> >> going to fail.
> >>
> >> But why should libsepol/include be missing from git in the first
> >> place ??
> >
> > I agree that they must be in one or the other for it to build.  A number
> > of distros build these packages separately, rather than all at once.
> > Thus there would be no ../libsepol/include directory at all, but the
> > headers should be picked up by -I$(INCLUDEDIR).  As long as gcc doesn't
> > care that the directory doesn't exist, I actually like it.
> >
> 
> gcc doesn't care and I swear we use to have ../ directories in the 
> include path, not sure what happened to those :X

Honestly, I don't know, I can't remember. From reading a bit of git log,
perhaps I can speculate it wasn't there, but what I am hitting is also
cross-dependencies between the objects in the library directories (so
for example libsepol symbols being required by objects in the libselinux
directory).

But if you decide to apply that latest patch, you then need a different
patch afterwards to fix the LIBDIR issue with load_policy:

--- selinux-09092011-make-arguments/policycoreutils/load_policy/Makefile	2011-09-10 04:03:52.381049637 +0200
+++ selinux-09092011-make-arguments-fix-load_policy-LIBDIR/policycoreutils/load_policy/Makefile	2011-09-12 02:54:23.279934801 +0200
@@ -3,11 +3,12 @@ PREFIX ?= ${DESTDIR}/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/usr/lib
 LOCALEDIR ?= /usr/share/locale
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I../../libsepol/include -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(PREFIX)/lib
+LDLIBS += -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 

It is maintenance tasks and it strongly depends which way you prefer
amongst many different ways of doing it more or less equivalently. There
might be other things that could be fixed too.

Or a new complete patch (with further minor fixes) could be as follows:

This is a maintenance patch for further testing. It potentially replaces
any other patch previously posted in this same thread.

Make sure that the SELinux userspace libraries and tools bundle from the
git repository can be built from scratch without requiring existing
SELinux installations (in particular header files).

Fix a possible installation issue (creation of symbolic links with wrong
target to shared libraries for libselinux and libsepol).

Replace curly brackets with parentheses for some variables such as
DESTDIR and PREFIX in the Makefiles. Add and make use of LIBDIR and
INCLUDEDIR where appropriate within the Makefiles. Make use of PREFIX
for creating LOCALEDIR within the Makefiles. Do not override passed
environment variables (replace = with ?=) within the Makefiles.

diff -pru selinux/checkpolicy/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/checkpolicy/Makefile	2011-09-12 03:05:45.347163564 +0200
@@ -12,14 +12,14 @@ YACC = bison -y
 
 CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
 
-override CFLAGS += -I. -I${INCLUDEDIR}
+override CFLAGS += -I. -I../libsepol/include -I${INCLUDEDIR}
 
 CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
 	    policy_define.o
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pru selinux/checkpolicy/test/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/checkpolicy/test/Makefile	2011-09-12 03:05:45.348163614 +0200
@@ -7,9 +7,9 @@ LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
 CFLAGS ?= -g -Wall -O2 -pipe
-override CFLAGS += -I$(INCLUDEDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-L../../libsepol/src -lsepol -L../../libselinux/src -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pru selinux/libselinux/src/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libselinux/src/Makefile	2011-09-12 03:05:45.349163662 +0200
@@ -54,7 +54,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENE
 OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
 RANLIB=ranlib
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pru selinux/libsemanage/src/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsemanage/src/Makefile	2011-09-12 03:05:45.350163708 +0200
@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-s
 LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
 
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
+override CFLAGS += -I../include -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE 
 RANLIB=ranlib
 
 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
diff -pru selinux/libsepol/src/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsepol/src/Makefile
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsepol/src/Makefile	2011-09-12 03:05:45.351163751 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -pru selinux/policycoreutils/audit2allow/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/audit2allow/Makefile	2011-09-12 03:30:42.428707945 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pru selinux/policycoreutils/audit2why/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/audit2why/Makefile	2011-09-12 03:23:29.933039451 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pru selinux/policycoreutils/load_policy/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/load_policy/Makefile	2011-09-12 03:34:53.862216941 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pru selinux/policycoreutils/mcstrans/src/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/mcstrans/src/Makefile	2011-09-12 03:05:45.351163751 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -L../../../libselinux/src -lselinux -L$(LIBDIR) -lcap -lpcre ../../../libsepol/src/libsepol.a
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pru selinux/policycoreutils/mcstrans/utils/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/mcstrans/utils/Makefile	2011-09-12 03:05:45.351163751 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -L../../../libselinux/src -lselinux -L$(LIBDIR) -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pru selinux/policycoreutils/newrole/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/newrole/Makefile	2011-09-12 03:43:51.666590241 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I../../libselinux/include -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libselinux/src -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pru selinux/policycoreutils/restorecond/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/restorecond/Makefile	2011-09-12 03:14:53.053779265 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I../../libselinux/include -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pru selinux/policycoreutils/run_init/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/run_init/Makefile	2011-09-12 03:17:44.646835066 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I../../libselinux/include -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libselinux/src -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pru selinux/policycoreutils/sandbox/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/sandbox/Makefile	2011-09-12 03:22:05.676502737 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng 
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -L../../libselinux/src -lselinux -L$(LIBDIR) -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pru selinux/policycoreutils/scripts/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/scripts/Makefile	2011-09-12 03:23:14.450939678 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
diff -pru selinux/policycoreutils/secon/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/secon/Makefile	2011-09-12 03:13:21.263202624 +0200
@@ -1,15 +1,15 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
 CFLAGS ?= $(WARNS) -O1
-override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 
-LDLIBS = -lselinux -L$(LIBDIR)
+override CFLAGS += -DVERSION=\"$(VERSION)\" -I../../libselinux/include -I$(INCLUDEDIR) 
+LDLIBS = -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: secon
 
diff -pru selinux/policycoreutils/semanage/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semanage/Makefile	2011-09-12 03:28:17.878828483 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pru selinux/policycoreutils/semodule/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule/Makefile	2011-09-12 03:43:35.983488162 +0200
@@ -2,12 +2,12 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+override CFLAGS += -I../../libsemanage/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L../../libsemanage/src -lsemanage -L$(LIBDIR)
 SEMODULE_OBJS = semodule.o
 
 all: semodule
diff -pru selinux/policycoreutils/semodule_deps/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_deps/Makefile	2011-09-12 03:29:21.625217525 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pru selinux/policycoreutils/semodule_expand/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_expand/Makefile	2011-09-12 03:11:53.599642029 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: semodule_expand
 
diff -pru selinux/policycoreutils/semodule_link/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_link/Makefile	2011-09-12 03:29:39.181324480 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: semodule_link
 
diff -pru selinux/policycoreutils/semodule_package/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/semodule_package/Makefile	2011-09-12 03:27:43.900619899 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: semodule_package semodule_unpackage
 
diff -pru selinux/policycoreutils/sestatus/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/sestatus/Makefile	2011-09-12 03:43:09.451314577 +0200
@@ -1,13 +1,14 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
 
 CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS = -lselinux -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS = -L../../libselinux/src -lselinux -L$(LIBDIR)
 
 all: sestatus
 
diff -pru selinux/policycoreutils/setfiles/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/setfiles/Makefile	2011-09-12 03:16:16.746296412 +0200
@@ -1,13 +1,14 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
-LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libselinux/src -lselinux -L../../libsepol/src -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
 	override CFLAGS += -DUSE_AUDIT
diff -pru selinux/policycoreutils/setsebool/Makefile selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/policycoreutils/setsebool/Makefile	2011-09-12 03:28:59.120080111 +0200
@@ -2,12 +2,12 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+override CFLAGS += -I../../libselinux/include -I../../libsemanage/include -I$(INCLUDEDIR)
+LDLIBS = -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L../../libsemanage/src -lsemanage -L$(LIBDIR)
 SETSEBOOL_OBJS = setsebool.o
 
 all: setsebool

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Userspace top-level Makefile (was Re: [PATCH] Fix LIBDIR usage for load_policy)

[Joshua Brindle]

Guido Trentalancia wrote:
> On Sun, 2011-09-11 at 19:22 -0400, Joshua Brindle wrote:
>> Eric Paris wrote:
>>> On 09/09/2011 07:12 PM, Guido Trentalancia wrote:
<snip>>>
>> gcc doesn't care and I swear we use to have ../ directories in the
>> include path, not sure what happened to those :X
>
> Honestly, I don't know, I can't remember. From reading a bit of git log,
> perhaps I can speculate it wasn't there, but what I am hitting is also
> cross-dependencies between the objects in the library directories (so
> for example libsepol symbols being required by objects in the libselinux
> directory).
>

Probably pre-git

> @@ -126,7 +126,7 @@ install: all
>   	install -m 755 $(LIBSO) $(SHLIBDIR)
>   	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>   	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> -	cd $(LIBDIR)&&  ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> +	cd $(LIBDIR)&&  ln -sf $(LIBSO) $(TARGET)
>
>   install-pywrap: pywrap
>   	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux

What is the purpose of this? It definitely doesn't seem right to me :\

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule

[Stephen Smalley]

On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> I'm also really annoyed by this at times, but I don't know what the
> right answer is.
> 
> We really treat it like we have 5+ separate projects which just all
> happen to live in the same git tree.  Thus to build libselinux you
> must have already built and installed libsepol.  And then to build
> libsemanage you need to have done that with both libsepol and
> libselinux.  Then of course to get the builds and install right (on
> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> Its a mess, but I don't know what to do that's better....

make DESTDIR=~/out at top-level should work fine - it will build and
install each library into a private tree (as specified by DESTDIR) and
then build and install the programs against those libraries.  Without
needing to clobber the system ones.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Improve installation of userspace shared libraries (was Re: [RFC] Userspace top-level Makefile)

[Guido Trentalancia]

Hi Joshua,

thanks very much for your comments !

On Mon, 2011-09-12 at 08:41 -0400, Joshua Brindle wrote:
> Guido Trentalancia wrote:
> > On Sun, 2011-09-11 at 19:22 -0400, Joshua Brindle wrote:
> >> Eric Paris wrote:
> >>> On 09/09/2011 07:12 PM, Guido Trentalancia wrote:
> <snip>>>
> >> gcc doesn't care and I swear we use to have ../ directories in the
> >> include path, not sure what happened to those :X
> >
> > Honestly, I don't know, I can't remember. From reading a bit of git log,
> > perhaps I can speculate it wasn't there, but what I am hitting is also
> > cross-dependencies between the objects in the library directories (so
> > for example libsepol symbols being required by objects in the libselinux
> > directory).
> >
> 
> Probably pre-git
> 
> > @@ -126,7 +126,7 @@ install: all
> >   	install -m 755 $(LIBSO) $(SHLIBDIR)
> >   	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
> >   	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> > -	cd $(LIBDIR)&&  ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> > +	cd $(LIBDIR)&&  ln -sf $(LIBSO) $(TARGET)
> >
> >   install-pywrap: pywrap
> >   	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
> 
> What is the purpose of this? It definitely doesn't seem right to me :\

In the first place it was to be coherent with what is being done by
libsemanage. However, it is not entirely correct, as LIBDIR should be
replaced by SHLIBDIR.

Note that apparently libsepol needs to be installed in /lib instead of
$PREFIX/lib (and there is an evident mismatch between the default values
for LIBDIR and SHLIBDIR compared to the other two cases).

diff -pru selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libselinux/src/Makefile selinux-12092011-test/libselinux/src/Makefile
--- selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libselinux/src/Makefile	2011-09-12 03:05:45.349163662 +0200
+++ selinux-12092011-test/libselinux/src/Makefile	2011-09-12 21:54:51.527394433 +0200
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pru selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsemanage/src/Makefile selinux-12092011-test/libsemanage/src/Makefile
--- selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsemanage/src/Makefile	2011-09-12 03:05:45.350163708 +0200
+++ selinux-12092011-test/libsemanage/src/Makefile	2011-09-12 21:54:20.618245062 +0200
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pru selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsepol/src/Makefile selinux-12092011-test/libsepol/src/Makefile
--- selinux-12092011-git-fix-local-build-fix-load_policy-LIBDIR-v2/libsepol/src/Makefile	2011-09-12 03:05:45.351163751 +0200
+++ selinux-12092011-test/libsepol/src/Makefile	2011-09-12 21:53:56.414127000 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)

Or otherwise, with respect to actual git, it should look like (also
modifies include and link directories):

--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-12092011-test/libselinux/src/Makefile	2011-09-12 21:54:51.527394433 +0200
@@ -54,7 +54,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENE
 OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
 RANLIB=ranlib
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-12092011-test/libsemanage/src/Makefile	2011-09-12 21:54:20.618245062 +0200
@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-s
 LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
 
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
+override CFLAGS += -I../include -I../../libselinux/include -I../../libsepol/include -I$(INCLUDEDIR) -D_GNU_SOURCE 
 RANLIB=ranlib
 
 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L../../libsepol/src -lsepol -L../../libselinux/src -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-12092011-test/libsepol/src/Makefile	2011-09-12 21:53:56.414127000 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)

Is there anything else that looks odd in it ? Partial description could
be something like this:

Simply use the filename as the target instead of the full path to the
shared libraries when creating the links in SHLIBDIR during
installation.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Guido Trentalancia]

Hi Stephen.

On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> > I'm also really annoyed by this at times, but I don't know what the
> > right answer is.
> > 
> > We really treat it like we have 5+ separate projects which just all
> > happen to live in the same git tree.  Thus to build libselinux you
> > must have already built and installed libsepol.  And then to build
> > libsemanage you need to have done that with both libsepol and
> > libselinux.  Then of course to get the builds and install right (on
> > Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> > for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> > Its a mess, but I don't know what to do that's better....
> 
> make DESTDIR=~/out at top-level should work fine - it will build and
> install each library into a private tree (as specified by DESTDIR) and
> then build and install the programs against those libraries.  Without
> needing to clobber the system ones.

At the moment, it does not, until the Makefile(s) are modified or at
least until the libraries are manually installed first.

Try by yourself, but do not forget to remove
$(PREFIX)/usr/include/{selinux,semanage,sepol} and
$(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Eric Paris]

On 09/12/2011 04:29 PM, Guido Trentalancia wrote:
> Hi Stephen.
> 
> On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
>> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
>>> I'm also really annoyed by this at times, but I don't know what the
>>> right answer is.
>>>
>>> We really treat it like we have 5+ separate projects which just all
>>> happen to live in the same git tree.  Thus to build libselinux you
>>> must have already built and installed libsepol.  And then to build
>>> libsemanage you need to have done that with both libsepol and
>>> libselinux.  Then of course to get the builds and install right (on
>>> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
>>> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
>>> Its a mess, but I don't know what to do that's better....
>>
>> make DESTDIR=~/out at top-level should work fine - it will build and
>> install each library into a private tree (as specified by DESTDIR) and
>> then build and install the programs against those libraries.  Without
>> needing to clobber the system ones.
> 
> At the moment, it does not, until the Makefile(s) are modified or at
> least until the libraries are manually installed first.
> 
> Try by yourself, but do not forget to remove
> $(PREFIX)/usr/include/{selinux,semanage,sepol} and
> $(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !

I recently added the patch which changed the global to be 'build'
instead of 'install', so sds might not realize that 'install' is no
longer the default, however I think Guido is right about the install
having a number of paces that it hard coded things...

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Guido Trentalancia]

Hi Eric.

On Mon, 2011-09-12 at 18:01 -0400, Eric Paris wrote:
> On 09/12/2011 04:29 PM, Guido Trentalancia wrote:
> > Hi Stephen.
> > 
> > On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
> >> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> >>> I'm also really annoyed by this at times, but I don't know what the
> >>> right answer is.
> >>>
> >>> We really treat it like we have 5+ separate projects which just all
> >>> happen to live in the same git tree.  Thus to build libselinux you
> >>> must have already built and installed libsepol.  And then to build
> >>> libsemanage you need to have done that with both libsepol and
> >>> libselinux.  Then of course to get the builds and install right (on
> >>> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> >>> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> >>> Its a mess, but I don't know what to do that's better....
> >>
> >> make DESTDIR=~/out at top-level should work fine - it will build and
> >> install each library into a private tree (as specified by DESTDIR) and
> >> then build and install the programs against those libraries.  Without
> >> needing to clobber the system ones.
> > 
> > At the moment, it does not, until the Makefile(s) are modified or at
> > least until the libraries are manually installed first.
> > 
> > Try by yourself, but do not forget to remove
> > $(PREFIX)/usr/include/{selinux,semanage,sepol} and
> > $(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !
> 
> I recently added the patch which changed the global to be 'build'
> instead of 'install', so sds might not realize that 'install' is no
> longer the default, however I think Guido is right about the install
> having a number of paces that it hard coded things...

The new target seems to be "all" (introduced on Aug the 11th by Eric).

However, at the moment, without an existing installation in place the
build fails on my system because it cannot source header files from
$(PREFIX)/include/{selinux,sepol,semanage} during compilation and then
because it cannot source shared libraries from LIBDIR ?= $(PREFIX)/lib
during linking.

It also fails if an existing installation provides obsolete header
files.

Another (even better) way of achieving the same would probably be to set
a TOPLEVEL variable to "pwd" (shell builtin for current directory) in
the top-level Makefile and then add -I
$(TOPLEVEL)/{selinux,sepol,semanage}/include and -L
$(TOPLEVEL)/lib{selinux,sepol,semanage}/src to CFLAGS and LDFLAGS
respectively...

What do you think ?

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Guido Trentalancia]

On Tue, 2011-09-13 at 01:05 +0200, Guido Trentalancia wrote:
> Hi Eric.
> 
> On Mon, 2011-09-12 at 18:01 -0400, Eric Paris wrote:
> > On 09/12/2011 04:29 PM, Guido Trentalancia wrote:
> > > Hi Stephen.
> > > 
> > > On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
> > >> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> > >>> I'm also really annoyed by this at times, but I don't know what the
> > >>> right answer is.
> > >>>
> > >>> We really treat it like we have 5+ separate projects which just all
> > >>> happen to live in the same git tree.  Thus to build libselinux you
> > >>> must have already built and installed libsepol.  And then to build
> > >>> libsemanage you need to have done that with both libsepol and
> > >>> libselinux.  Then of course to get the builds and install right (on
> > >>> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> > >>> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> > >>> Its a mess, but I don't know what to do that's better....
> > >>
> > >> make DESTDIR=~/out at top-level should work fine - it will build and
> > >> install each library into a private tree (as specified by DESTDIR) and
> > >> then build and install the programs against those libraries.  Without
> > >> needing to clobber the system ones.
> > > 
> > > At the moment, it does not, until the Makefile(s) are modified or at
> > > least until the libraries are manually installed first.
> > > 
> > > Try by yourself, but do not forget to remove
> > > $(PREFIX)/usr/include/{selinux,semanage,sepol} and
> > > $(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !
> > 
> > I recently added the patch which changed the global to be 'build'
> > instead of 'install', so sds might not realize that 'install' is no
> > longer the default, however I think Guido is right about the install
> > having a number of paces that it hard coded things...
> 
> The new target seems to be "all" (introduced on Aug the 11th by Eric).
> 
> However, at the moment, without an existing installation in place the
> build fails on my system because it cannot source header files from
> $(PREFIX)/include/{selinux,sepol,semanage} during compilation and then
> because it cannot source shared libraries from LIBDIR ?= $(PREFIX)/lib
> during linking.
> 
> It also fails if an existing installation provides obsolete header
> files.
> 
> Another (even better) way of achieving the same would probably be to set
> a TOPLEVEL variable to "pwd" (shell builtin for current directory) in
> the top-level Makefile and then add -I
> $(TOPLEVEL)/{selinux,sepol,semanage}/include and -L
> $(TOPLEVEL)/lib{selinux,sepol,semanage}/src to CFLAGS and LDFLAGS
> respectively...

And here is what I meant:

diff -pruN selinux/checkpolicy/Makefile selinux-12092011-test-toplevel-arguments/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-12092011-test-toplevel-arguments/checkpolicy/Makefile	2011-09-13 02:24:20.252767154 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux/checkpolicy/test/Makefile selinux-12092011-test-toplevel-arguments/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-12092011-test-toplevel-arguments/checkpolicy/test/Makefile	2011-09-13 02:25:01.297083713 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux/Makefile selinux-12092011-test-toplevel-arguments/Makefile
--- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-12092011-test-toplevel-arguments/Makefile	2011-09-13 02:29:20.085069282 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-12092011-test-toplevel-arguments/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-12092011-test-toplevel-arguments/policycoreutils/semodule_deps/Makefile	2011-09-13 02:14:41.954328802 +0200
@@ -7,7 +7,7 @@ MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-12092011-test-toplevel-arguments/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-12092011-test-toplevel-arguments/policycoreutils/sestatus/Makefile	2011-09-13 02:12:59.996589853 +0200
@@ -5,7 +5,7 @@ MANDIR = $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
 LIBDIR ?= ${PREFIX}/lib
 
-CFLAGS = -Werror -Wall -W
+CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-12092011-test-toplevel-arguments/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-12092011-test-toplevel-arguments/policycoreutils/setfiles/Makefile	2011-09-13 02:12:44.826477882 +0200
@@ -5,7 +5,7 @@ MANDIR = $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
+CFLAGS ?= -g -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
diff -pruN selinux/README selinux-12092011-test-toplevel-arguments/README
--- selinux/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-12092011-test-toplevel-arguments/README	2011-09-13 02:22:53.625094846 +0200
@@ -0,0 +1,17 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+Please see the Makefile(s) for other environment variables that can be used.

There are many different ways of achieving it.

Using the CURDIR variable provided by make is quite nice. Not only it is
much simpler and much cleaner, but it also avoids the need to revert the
patch before creating the separate components to be released.

However there are many other bits left out from previously posted
patches (honor LIBDIR for load_policy, LIBSO link creation in SHLIBDIR
for the three shared libraries, genhomedircon manual page, do not
hard-code path in genhomedircon script, replacement of curly brackets
with parentheses for some variables in some makefiles, make use of
PREFIX for determining LOCALEDIR in some makefiles, do not override
passed environment variables in some makefiles, et cetera).

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v2] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix includes for userspace tools and libraries)

[Guido Trentalancia]

Hello again.

I have prepared a new revised and possibly (in)complete version of the
patch.

On Tue, 2011-09-13 at 02:53 +0200, Guido Trentalancia wrote:
> > However, at the moment, without an existing installation in place the
> > build fails on my system because it cannot source header files from
> > $(PREFIX)/include/{selinux,sepol,semanage} during compilation and then
> > because it cannot source shared libraries from LIBDIR ?= $(PREFIX)/lib
> > during linking.
> > 
> > It also fails if an existing installation provides obsolete header
> > files.
> > 
> > Another (even better) way of achieving the same would probably be to set
> > a TOPLEVEL variable to "pwd" (shell builtin for current directory) in
> > the top-level Makefile and then add -I
> > $(TOPLEVEL)/{selinux,sepol,semanage}/include and -L
> > $(TOPLEVEL)/lib{selinux,sepol,semanage}/src to CFLAGS and LDFLAGS
> > respectively...
> 
> And here is what I meant:
> 
[cut]
> There are many different ways of achieving it.
> 
> Using the CURDIR variable provided by make is quite nice. Not only it is
> much simpler and much cleaner, but it also avoids the need to revert the
> patch before creating the separate components to be released.
> 
> However there are many other bits left out from previously posted
> patches (honor LIBDIR for load_policy, LIBSO link creation in SHLIBDIR
> for the three shared libraries, genhomedircon manual page, do not
> hard-code path in genhomedircon script, replacement of curly brackets
> with parentheses for some variables in some makefiles, make use of
> PREFIX for determining LOCALEDIR in some makefiles, do not override
> passed environment variables in some makefiles, et cetera).

This is a maintenance patch for further testing. It potentially replaces
any other patch previously posted in this same and/or other recent
threads.

Make sure that the SELinux userspace libraries and tools bundle from the
git repository can be built from scratch without requiring existing
SELinux installations (in particular header files) by exploiting the
CURDIR variable (provided by the make tool itself) in the top-level
Makefile only.

Create a top-level README file which is intended to provide a few
details about some of the possible environment variables that can be
configured and passed to the make tool.

Fix a possible installation issue (creation of symbolic links to shared
libraries using a wrong target file and in a possibly wrong directory
for libselinux, libsepol and libsemanage).

Do not hard-code the path to semodule in the genhomedircon script but
rather generate it each time by using PREFIX. Improve the manual page
for genhomedircon.

Replace curly brackets with parentheses for some variables such as
DESTDIR and PREFIX in the Makefiles. Add and make use of LIBDIR and
INCLUDEDIR where appropriate within the Makefiles. Make use of PREFIX
for determining the value of LOCALEDIR within some of the Makefiles. Do
not override the environment variables passed from the command-line for
some of the Makefiles.

diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-13092011/checkpolicy/Makefile	2011-09-13 02:58:19.314224502 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux/checkpolicy/test/Makefile selinux-13092011/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-13092011/checkpolicy/test/Makefile	2011-09-13 02:58:19.315224529 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux/libselinux/src/Makefile selinux-13092011/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-13092011/libselinux/src/Makefile	2011-09-13 03:30:08.882910143 +0200
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pruN selinux/libsemanage/src/Makefile selinux-13092011/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-13092011/libsemanage/src/Makefile	2011-09-13 03:36:55.724150908 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pruN selinux/libsepol/src/Makefile selinux-13092011/libsepol/src/Makefile
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-13092011/libsepol/src/Makefile	2011-09-13 02:57:31.309865469 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -pruN selinux/Makefile selinux-13092011/Makefile
--- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-13092011/Makefile	2011-09-13 02:58:19.315224529 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-13092011/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-13092011/policycoreutils/audit2allow/Makefile	2011-09-13 03:04:59.631193632 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-13092011/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011/policycoreutils/audit2why/Makefile	2011-09-13 03:01:12.676515333 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-13092011/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011/policycoreutils/load_policy/Makefile	2011-09-13 03:16:23.953209557 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-13092011/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-13092011/policycoreutils/mcstrans/src/Makefile	2011-09-13 03:28:56.851327660 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-13092011/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011/policycoreutils/mcstrans/utils/Makefile	2011-09-13 03:27:22.371562684 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/newrole/Makefile selinux-13092011/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011/policycoreutils/newrole/Makefile	2011-09-13 03:17:53.038877292 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-13092011/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011/policycoreutils/restorecond/Makefile	2011-09-13 03:09:18.182096161 +0200
@@ -1,13 +1,14 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pruN selinux/policycoreutils/run_init/Makefile selinux-13092011/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011/policycoreutils/run_init/Makefile	2011-09-13 03:14:35.943421643 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-13092011/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-13092011/policycoreutils/sandbox/Makefile	2011-09-13 03:08:17.158649761 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng 
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-13092011/policycoreutils/scripts/genhomedircon.8
--- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011/policycoreutils/scripts/genhomedircon.8	2011-09-13 02:57:45.412971066 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "12" "Sep 2011" "Security Enhanced Linux" "SELinux"
 .SH NAME
 genhomedircon \- generate SELinux file context configuration entries for user home directories
 .SH SYNOPSIS
 .B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
 
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
 
 .SH AUTHOR
 This manual page was written by
 .I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)
diff -pruN selinux/policycoreutils/scripts/Makefile selinux-13092011/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011/policycoreutils/scripts/Makefile	2011-09-13 02:59:44.455859136 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
@@ -11,7 +11,10 @@ install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
-	install -m 755 genhomedircon  $(SBINDIR)
+	@echo "#!/bin/sh" > genhomedircon
+	@echo >> genhomedircon
+	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+	install -m 755 genhomedircon $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux/policycoreutils/secon/Makefile selinux-13092011/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011/policycoreutils/secon/Makefile	2011-09-13 03:09:50.934336415 +0200
@@ -1,9 +1,9 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
diff -pruN selinux/policycoreutils/semanage/Makefile selinux-13092011/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011/policycoreutils/semanage/Makefile	2011-09-13 03:10:39.427692261 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pruN selinux/policycoreutils/semodule/Makefile selinux-13092011/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011/policycoreutils/semodule/Makefile	2011-09-13 03:11:52.329224670 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-13092011/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011/policycoreutils/semodule_deps/Makefile	2011-09-13 03:02:06.359913305 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-13092011/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_expand/Makefile	2011-09-13 03:11:07.722900079 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-13092011/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_link/Makefile	2011-09-13 03:05:23.873372013 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-13092011/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_package/Makefile	2011-09-13 03:10:14.033504971 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-13092011/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/sestatus/Makefile	2011-09-13 03:12:39.142571067 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-13092011/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011/policycoreutils/setfiles/Makefile	2011-09-13 03:13:18.560856761 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-13092011/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011/policycoreutils/setsebool/Makefile	2011-09-13 03:11:32.604081796 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/README selinux-13092011/README
--- selinux/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-13092011/README	2011-09-13 02:58:19.316224554 +0200
@@ -0,0 +1,17 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+Please see the Makefile(s) for other environment variables that can be used.

You can always fine-tune the details, but please let me know if I can
move on as I would like to create a few manual pages.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v3] Fix includes for userspace tools and libraries (was Re: [PATCH v2] Fix includes for userspace tools and libraries)

[Guido Trentalancia]

And I've just discovered the second version (v2) contains a typo in the
section field of the genhomedircon manual page, so here is a new version
(v3, same description):

diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-13092011/checkpolicy/Makefile	2011-09-13 02:58:19.314224502 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux/checkpolicy/test/Makefile selinux-13092011/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-13092011/checkpolicy/test/Makefile	2011-09-13 02:58:19.315224529 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux/libselinux/src/Makefile selinux-13092011/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-13092011/libselinux/src/Makefile	2011-09-13 03:30:08.882910143 +0200
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pruN selinux/libsemanage/src/Makefile selinux-13092011/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-13092011/libsemanage/src/Makefile	2011-09-13 03:36:55.724150908 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pruN selinux/libsepol/src/Makefile selinux-13092011/libsepol/src/Makefile
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-13092011/libsepol/src/Makefile	2011-09-13 02:57:31.309865469 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -pruN selinux/Makefile selinux-13092011/Makefile
--- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-13092011/Makefile	2011-09-13 02:58:19.315224529 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-13092011/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-13092011/policycoreutils/audit2allow/Makefile	2011-09-13 03:04:59.631193632 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-13092011/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011/policycoreutils/audit2why/Makefile	2011-09-13 03:01:12.676515333 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-13092011/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011/policycoreutils/load_policy/Makefile	2011-09-13 03:16:23.953209557 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-13092011/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-13092011/policycoreutils/mcstrans/src/Makefile	2011-09-13 03:28:56.851327660 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-13092011/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011/policycoreutils/mcstrans/utils/Makefile	2011-09-13 03:27:22.371562684 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/newrole/Makefile selinux-13092011/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011/policycoreutils/newrole/Makefile	2011-09-13 03:17:53.038877292 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-13092011/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011/policycoreutils/restorecond/Makefile	2011-09-13 03:09:18.182096161 +0200
@@ -1,13 +1,14 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pruN selinux/policycoreutils/run_init/Makefile selinux-13092011/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011/policycoreutils/run_init/Makefile	2011-09-13 03:14:35.943421643 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-13092011/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-13092011/policycoreutils/sandbox/Makefile	2011-09-13 03:08:17.158649761 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng 
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-13092011/policycoreutils/scripts/genhomedircon.8
--- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011/policycoreutils/scripts/genhomedircon.8	2011-09-13 02:57:45.412971066 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
 .SH NAME
 genhomedircon \- generate SELinux file context configuration entries for user home directories
 .SH SYNOPSIS
 .B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
 
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
 
 .SH AUTHOR
 This manual page was written by
 .I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)
diff -pruN selinux/policycoreutils/scripts/Makefile selinux-13092011/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011/policycoreutils/scripts/Makefile	2011-09-13 02:59:44.455859136 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
@@ -11,7 +11,10 @@ install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
-	install -m 755 genhomedircon  $(SBINDIR)
+	@echo "#!/bin/sh" > genhomedircon
+	@echo >> genhomedircon
+	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+	install -m 755 genhomedircon $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux/policycoreutils/secon/Makefile selinux-13092011/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011/policycoreutils/secon/Makefile	2011-09-13 03:09:50.934336415 +0200
@@ -1,9 +1,9 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
diff -pruN selinux/policycoreutils/semanage/Makefile selinux-13092011/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011/policycoreutils/semanage/Makefile	2011-09-13 03:10:39.427692261 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pruN selinux/policycoreutils/semodule/Makefile selinux-13092011/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011/policycoreutils/semodule/Makefile	2011-09-13 03:11:52.329224670 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-13092011/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011/policycoreutils/semodule_deps/Makefile	2011-09-13 03:02:06.359913305 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-13092011/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_expand/Makefile	2011-09-13 03:11:07.722900079 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-13092011/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_link/Makefile	2011-09-13 03:05:23.873372013 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-13092011/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_package/Makefile	2011-09-13 03:10:14.033504971 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-13092011/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/sestatus/Makefile	2011-09-13 03:12:39.142571067 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-13092011/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011/policycoreutils/setfiles/Makefile	2011-09-13 03:13:18.560856761 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-13092011/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011/policycoreutils/setsebool/Makefile	2011-09-13 03:11:32.604081796 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/README selinux-13092011/README
--- selinux/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-13092011/README	2011-09-13 02:58:19.316224554 +0200
@@ -0,0 +1,17 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+Please see the Makefile(s) for other environment variables that can be used.

Regards,

Guido

On Tue, 2011-09-13 at 04:03 +0200, Guido Trentalancia wrote:
> Hello again.
> 
> I have prepared a new revised and possibly (in)complete version of the
> patch.
> 
> On Tue, 2011-09-13 at 02:53 +0200, Guido Trentalancia wrote:
> > > However, at the moment, without an existing installation in place the
> > > build fails on my system because it cannot source header files from
> > > $(PREFIX)/include/{selinux,sepol,semanage} during compilation and then
> > > because it cannot source shared libraries from LIBDIR ?= $(PREFIX)/lib
> > > during linking.
> > > 
> > > It also fails if an existing installation provides obsolete header
> > > files.
> > > 
> > > Another (even better) way of achieving the same would probably be to set
> > > a TOPLEVEL variable to "pwd" (shell builtin for current directory) in
> > > the top-level Makefile and then add -I
> > > $(TOPLEVEL)/{selinux,sepol,semanage}/include and -L
> > > $(TOPLEVEL)/lib{selinux,sepol,semanage}/src to CFLAGS and LDFLAGS
> > > respectively...
> > 
> > And here is what I meant:
> > 
> [cut]
> > There are many different ways of achieving it.
> > 
> > Using the CURDIR variable provided by make is quite nice. Not only it is
> > much simpler and much cleaner, but it also avoids the need to revert the
> > patch before creating the separate components to be released.
> > 
> > However there are many other bits left out from previously posted
> > patches (honor LIBDIR for load_policy, LIBSO link creation in SHLIBDIR
> > for the three shared libraries, genhomedircon manual page, do not
> > hard-code path in genhomedircon script, replacement of curly brackets
> > with parentheses for some variables in some makefiles, make use of
> > PREFIX for determining LOCALEDIR in some makefiles, do not override
> > passed environment variables in some makefiles, et cetera).
> 
> This is a maintenance patch for further testing. It potentially replaces
> any other patch previously posted in this same and/or other recent
> threads.
> 
> Make sure that the SELinux userspace libraries and tools bundle from the
> git repository can be built from scratch without requiring existing
> SELinux installations (in particular header files) by exploiting the
> CURDIR variable (provided by the make tool itself) in the top-level
> Makefile only.
> 
> Create a top-level README file which is intended to provide a few
> details about some of the possible environment variables that can be
> configured and passed to the make tool.
> 
> Fix a possible installation issue (creation of symbolic links to shared
> libraries using a wrong target file and in a possibly wrong directory
> for libselinux, libsepol and libsemanage).
> 
> Do not hard-code the path to semodule in the genhomedircon script but
> rather generate it each time by using PREFIX. Improve the manual page
> for genhomedircon.
> 
> Replace curly brackets with parentheses for some variables such as
> DESTDIR and PREFIX in the Makefiles. Add and make use of LIBDIR and
> INCLUDEDIR where appropriate within the Makefiles. Make use of PREFIX
> for determining the value of LOCALEDIR within some of the Makefiles. Do
> not override the environment variables passed from the command-line for
> some of the Makefiles.
> 
> diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
> --- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> +++ selinux-13092011/checkpolicy/Makefile	2011-09-13 02:58:19.314224502 +0200
> @@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
>  CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
>  CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
>  
> -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  GENERATED=lex.yy.c y.tab.c y.tab.h
>  
> diff -pruN selinux/checkpolicy/test/Makefile selinux-13092011/checkpolicy/test/Makefile
> --- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
> +++ selinux-13092011/checkpolicy/test/Makefile	2011-09-13 02:58:19.315224529 +0200
> @@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
>  CFLAGS ?= -g -Wall -O2 -pipe
>  override CFLAGS += -I$(INCLUDEDIR)
>  
> -LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
> +LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  all: dispol dismod
>  
> diff -pruN selinux/libselinux/src/Makefile selinux-13092011/libselinux/src/Makefile
> --- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
> +++ selinux-13092011/libselinux/src/Makefile	2011-09-13 03:30:08.882910143 +0200
> @@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
>  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
>  
>  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
>  
>  %.o:  %.c policy.h
>  	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
> @@ -126,7 +126,7 @@ install: all
>  	install -m 755 $(LIBSO) $(SHLIBDIR)
>  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> +	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
>  
>  install-pywrap: pywrap
>  	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
> diff -pruN selinux/libsemanage/src/Makefile selinux-13092011/libsemanage/src/Makefile
> --- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
> +++ selinux-13092011/libsemanage/src/Makefile	2011-09-13 03:36:55.724150908 +0200
> @@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
>  	$(RANLIB) $@
>  
>  $(LIBSO): $(LOBJS)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>  	ln -sf $@ $(TARGET)
>  
>  $(LIBPC): $(LIBPC).in
> @@ -139,7 +139,7 @@ install: all
>  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
>  	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
> -	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
> +	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
>  
>  install-pywrap: pywrap 
>  	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
> diff -pruN selinux/libsepol/src/Makefile selinux-13092011/libsepol/src/Makefile
> --- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
> +++ selinux-13092011/libsepol/src/Makefile	2011-09-13 02:57:31.309865469 +0200
> @@ -43,7 +43,7 @@ install: all
>  	install -m 755 $(LIBSO) $(SHLIBDIR)
>  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> +	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
>  
>  relabel:
>  	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> diff -pruN selinux/Makefile selinux-13092011/Makefile
> --- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
> +++ selinux-13092011/Makefile	2011-09-13 02:58:19.315224529 +0200
> @@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
>  DISTCLEANSUBIDRS=libselinux libsemanage
>  
>  ifeq ($(DEBUG),1)
> -	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
> -	export LDFLAGS = -g
> +	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
> +	LDFLAGS += -g
>  endif
>  
> +CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
> +LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
> +export CFLAGS
> +export LDFLAGS
> +
>  all install relabel clean test indent:
>  	@for subdir in $(SUBDIRS); do \
>  		(cd $$subdir && $(MAKE) $@) || exit 1; \
> diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-13092011/policycoreutils/audit2allow/Makefile
> --- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
> +++ selinux-13092011/policycoreutils/audit2allow/Makefile	2011-09-13 03:04:59.631193632 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  all: ;
>  
> diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-13092011/policycoreutils/audit2why/Makefile
> --- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-13092011/policycoreutils/audit2why/Makefile	2011-09-13 03:01:12.676515333 +0200
> @@ -1,5 +1,5 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
>  
> diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-13092011/policycoreutils/load_policy/Makefile
> --- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-13092011/policycoreutils/load_policy/Makefile	2011-09-13 03:16:23.953209557 +0200
> @@ -1,13 +1,15 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(DESTDIR)/sbin
>  USRSBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> +override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lsepol -lselinux -L$(LIBDIR)
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-13092011/policycoreutils/mcstrans/src/Makefile
> --- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
> +++ selinux-13092011/policycoreutils/mcstrans/src/Makefile	2011-09-13 03:28:56.851327660 +0200
> @@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
>  all: $(PROG)
>  
>  $(PROG): $(PROG_OBJS)
> -	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
> +	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
>  
>  %.o:  %.c 
>  	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
> diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-13092011/policycoreutils/mcstrans/utils/Makefile
> --- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-13092011/policycoreutils/mcstrans/utils/Makefile	2011-09-13 03:27:22.371562684 +0200
> @@ -21,7 +21,7 @@ endif
>  
>  CFLAGS ?= -Wall
>  override CFLAGS += -I../src -D_GNU_SOURCE
> -LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
> +LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -pruN selinux/policycoreutils/newrole/Makefile selinux-13092011/policycoreutils/newrole/Makefile
> --- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-13092011/policycoreutils/newrole/Makefile	2011-09-13 03:17:53.038877292 +0200
> @@ -1,9 +1,11 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  ETCDIR ?= $(DESTDIR)/etc
> -LOCALEDIR = /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  # Enable capabilities to permit newrole to generate audit records.
> @@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
>  
>  CFLAGS ?= -Werror -Wall -W
>  EXTRA_OBJS =
> -override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR)
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
>  	EXTRA_OBJS += hashtab.o
> diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-13092011/policycoreutils/restorecond/Makefile
> --- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-13092011/policycoreutils/restorecond/Makefile	2011-09-13 03:09:18.182096161 +0200
> @@ -1,13 +1,14 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -INITDIR = $(DESTDIR)/etc/rc.d/init.d
> -SELINUXDIR = $(DESTDIR)/etc/selinux
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
> +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> +SELINUXDIR ?= $(DESTDIR)/etc/selinux
>  
>  CFLAGS ?= -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
> +LDLIBS += -lselinux -L$(LIBDIR)
>  
>  all: restorecond
>  
> diff -pruN selinux/policycoreutils/run_init/Makefile selinux-13092011/policycoreutils/run_init/Makefile
> --- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-13092011/policycoreutils/run_init/Makefile	2011-09-13 03:14:35.943421643 +0200
> @@ -1,16 +1,17 @@
> -
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  ETCDIR ?= $(DESTDIR)/etc
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR)
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
>  	LDLIBS += -lpam -lpam_misc
> diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-13092011/policycoreutils/sandbox/Makefile
> --- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
> +++ selinux-13092011/policycoreutils/sandbox/Makefile	2011-09-13 03:08:17.158649761 +0200
> @@ -1,14 +1,16 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> -INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
> -SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
> +PREFIX ?= $(DESTDIR)/usr
> +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
> +SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
>  BINDIR ?= $(PREFIX)/bin
>  SBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  SHAREDIR ?= $(PREFIX)/share/sandbox
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -lcap-ng 
> +override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
>  
>  all: sandbox seunshare sandboxX.sh start
>  
> diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-13092011/policycoreutils/scripts/genhomedircon.8
> --- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
> +++ selinux-13092011/policycoreutils/scripts/genhomedircon.8	2011-09-13 02:57:45.412971066 +0200
> @@ -1,37 +1,21 @@
> -.\" Hey, Emacs! This is an -*- nroff -*- source file.
> -.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
> -.\"
> -.\" This is free documentation; you can redistribute it and/or
> -.\" modify it under the terms of the GNU General Public License as
> -.\" published by the Free Software Foundation; either version 2 of
> -.\" the License, or (at your option) any later version.
> -.\"
> -.\" The GNU General Public License's references to "object code"
> -.\" and "executables" are to be interpreted as the output of any
> -.\" document formatting or typesetting system, including
> -.\" intermediate and printed output.
> -.\"
> -.\" This manual is distributed in the hope that it will be useful,
> -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
> -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> -.\" GNU General Public License for more details.
> -.\"
> -.\" You should have received a copy of the GNU General Public
> -.\" License along with this manual; if not, write to the Free
> -.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
> -.\" USA.
> -.\"
> -.\"
> -.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
> +.TH GENHOMEDIRCON "12" "Sep 2011" "Security Enhanced Linux" "SELinux"
>  .SH NAME
>  genhomedircon \- generate SELinux file context configuration entries for user home directories
>  .SH SYNOPSIS
>  .B genhomedircon
> -is a script that executes semodule to rebuild policy and create the
> -labels for HOMEDIRS based on home directories returned by the getpw calls.
> +is a script that executes
> +.B semodule
> +to rebuild the SELinux policy and to create the
> +labels for each user home directory based on directory paths returned by calls to getpwent().
>  
> -This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
> +This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
> +(such flag can either take the value "true" or "false" and by default it is set to "true").
>  
>  .SH AUTHOR
>  This manual page was written by
>  .I Dan Walsh <dwalsh@redhat.com>
> +
> +The supporting functionality in the semanage library was written by Tresys Technology.
> +
> +.SH "SEE ALSO"
> +semodule(8), getpwent(3), getpwent_r(3)
> diff -pruN selinux/policycoreutils/scripts/Makefile selinux-13092011/policycoreutils/scripts/Makefile
> --- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
> +++ selinux-13092011/policycoreutils/scripts/Makefile	2011-09-13 02:59:44.455859136 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  SBINDIR ?= $(PREFIX)/sbin
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  all: fixfiles genhomedircon chcat
>  
> @@ -11,7 +11,10 @@ install: all
>  	-mkdir -p $(BINDIR)
>  	install -m 755 chcat $(BINDIR)
>  	install -m 755 fixfiles $(DESTDIR)/sbin
> -	install -m 755 genhomedircon  $(SBINDIR)
> +	@echo "#!/bin/sh" > genhomedircon
> +	@echo >> genhomedircon
> +	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
> +	install -m 755 genhomedircon $(SBINDIR)
>  	-mkdir -p $(MANDIR)/man8
>  	install -m 644 fixfiles.8 $(MANDIR)/man8/
>  	install -m 644 genhomedircon.8 $(MANDIR)/man8/
> diff -pruN selinux/policycoreutils/secon/Makefile selinux-13092011/policycoreutils/secon/Makefile
> --- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-13092011/policycoreutils/secon/Makefile	2011-09-13 03:09:50.934336415 +0200
> @@ -1,9 +1,9 @@
>  # secon tool - command-line context
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
>  WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
>  VERSION = $(shell cat ../VERSION)
> diff -pruN selinux/policycoreutils/semanage/Makefile selinux-13092011/policycoreutils/semanage/Makefile
> --- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-13092011/policycoreutils/semanage/Makefile	2011-09-13 03:10:39.427692261 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  LIBDIR ?= $(PREFIX)/lib
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> +MANDIR ?= $(PREFIX)/share/man
>  PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
>  PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
>  
> diff -pruN selinux/policycoreutils/semodule/Makefile selinux-13092011/policycoreutils/semodule/Makefile
> --- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-13092011/policycoreutils/semodule/Makefile	2011-09-13 03:11:52.329224670 +0200
> @@ -2,8 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-13092011/policycoreutils/semodule_deps/Makefile
> --- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-13092011/policycoreutils/semodule_deps/Makefile	2011-09-13 03:02:06.359913305 +0200
> @@ -1,13 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = $(LIBDIR)/libsepol.a
> +LDLIBS = ../../libsepol/src/libsepol.a
>  
>  all: semodule_deps
>  
> diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-13092011/policycoreutils/semodule_expand/Makefile
> --- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-13092011/policycoreutils/semodule_expand/Makefile	2011-09-13 03:11:07.722900079 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-13092011/policycoreutils/semodule_link/Makefile
> --- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-13092011/policycoreutils/semodule_link/Makefile	2011-09-13 03:05:23.873372013 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-13092011/policycoreutils/semodule_package/Makefile
> --- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-13092011/policycoreutils/semodule_package/Makefile	2011-09-13 03:10:14.033504971 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-13092011/policycoreutils/sestatus/Makefile
> --- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-13092011/policycoreutils/sestatus/Makefile	2011-09-13 03:12:39.142571067 +0200
> @@ -1,12 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
>  ETCDIR ?= $(DESTDIR)/etc
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
> -CFLAGS = -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> +CFLAGS ?= -Werror -Wall -W
> +override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
>  LDLIBS = -lselinux -L$(LIBDIR)
>  
>  all: sestatus
> diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-13092011/policycoreutils/setfiles/Makefile
> --- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-13092011/policycoreutils/setfiles/Makefile	2011-09-13 03:13:18.560856761 +0200
> @@ -1,12 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(DESTDIR)/sbin
> -MANDIR = $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
>  LIBDIR ?= $(PREFIX)/lib
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
> -CFLAGS = -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include
> +CFLAGS ?= -g -Werror -Wall -W
> +override CFLAGS += -I$(INCLUDEDIR)
>  LDLIBS = -lselinux -lsepol -L$(LIBDIR)
>  
>  ifeq (${AUDITH}, /usr/include/libaudit.h)
> diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-13092011/policycoreutils/setsebool/Makefile
> --- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-13092011/policycoreutils/setsebool/Makefile	2011-09-13 03:11:32.604081796 +0200
> @@ -2,8 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/README selinux-13092011/README
> --- selinux/README	1970-01-01 01:00:00.000000000 +0100
> +++ selinux-13092011/README	2011-09-13 02:58:19.316224554 +0200
> @@ -0,0 +1,17 @@
> +INSTALLATION:
> +
> +Type "make" to build and then "make install" to install.
> +
> +---
> +
> +The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
> +and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
> +
> +The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
> +different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
> +on 64-bit systems).
> +
> +The environment variable PREFIX can be passed to "make" in order to configure an install
> +prefix other than "/usr".
> +
> +Please see the Makefile(s) for other environment variables that can be used.
> 
> You can always fine-tune the details, but please let me know if I can
> move on as I would like to create a few manual pages.
> 
> Regards,
> 
> Guido
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Stephen Smalley]

On Mon, 2011-09-12 at 18:01 -0400, Eric Paris wrote:
> On 09/12/2011 04:29 PM, Guido Trentalancia wrote:
> > Hi Stephen.
> > 
> > On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
> >> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> >>> I'm also really annoyed by this at times, but I don't know what the
> >>> right answer is.
> >>>
> >>> We really treat it like we have 5+ separate projects which just all
> >>> happen to live in the same git tree.  Thus to build libselinux you
> >>> must have already built and installed libsepol.  And then to build
> >>> libsemanage you need to have done that with both libsepol and
> >>> libselinux.  Then of course to get the builds and install right (on
> >>> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> >>> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> >>> Its a mess, but I don't know what to do that's better....
> >>
> >> make DESTDIR=~/out at top-level should work fine - it will build and
> >> install each library into a private tree (as specified by DESTDIR) and
> >> then build and install the programs against those libraries.  Without
> >> needing to clobber the system ones.
> > 
> > At the moment, it does not, until the Makefile(s) are modified or at
> > least until the libraries are manually installed first.
> > 
> > Try by yourself, but do not forget to remove
> > $(PREFIX)/usr/include/{selinux,semanage,sepol} and
> > $(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !
> 
> I recently added the patch which changed the global to be 'build'
> instead of 'install', so sds might not realize that 'install' is no
> longer the default, however I think Guido is right about the install
> having a number of paces that it hard coded things...

Well, that's a regression then - it used to work with make DESTDIR=~/out
just fine.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Guido Trentalancia]

Hello Stephen,

thanks for getting back...

On Tue, 2011-09-13 at 08:41 -0400, Stephen Smalley wrote:
> On Mon, 2011-09-12 at 18:01 -0400, Eric Paris wrote:
> > On 09/12/2011 04:29 PM, Guido Trentalancia wrote:
> > > Hi Stephen.
> > > 
> > > On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
> > >> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> > >>> I'm also really annoyed by this at times, but I don't know what the
> > >>> right answer is.
> > >>>
> > >>> We really treat it like we have 5+ separate projects which just all
> > >>> happen to live in the same git tree.  Thus to build libselinux you
> > >>> must have already built and installed libsepol.  And then to build
> > >>> libsemanage you need to have done that with both libsepol and
> > >>> libselinux.  Then of course to get the builds and install right (on
> > >>> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> > >>> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> > >>> Its a mess, but I don't know what to do that's better....
> > >>
> > >> make DESTDIR=~/out at top-level should work fine - it will build and
> > >> install each library into a private tree (as specified by DESTDIR) and
> > >> then build and install the programs against those libraries.  Without
> > >> needing to clobber the system ones.
> > > 
> > > At the moment, it does not, until the Makefile(s) are modified or at
> > > least until the libraries are manually installed first.
> > > 
> > > Try by yourself, but do not forget to remove
> > > $(PREFIX)/usr/include/{selinux,semanage,sepol} and
> > > $(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !
> > 
> > I recently added the patch which changed the global to be 'build'
> > instead of 'install', so sds might not realize that 'install' is no
> > longer the default, however I think Guido is right about the install
> > having a number of paces that it hard coded things...
> 
> Well, that's a regression then - it used to work with make DESTDIR=~/out
> just fine.

For sure, it needs further checking and fixing...

But let me just try again pointing out a few further details so that
everybody would better understand the issue.

It is a maintenance issue with the Makefiles.

The DESTDIR variable does not matter much because the problem is that it
breaks not only the installation but also the compilation itself (prior
to the installation) !

So, DESTDIR is generally only used during the installation process (what
DESTINATION directory shall I write to ?).

The compilation problem being discussed here is twofold: compilation
itself (from *.c source code to *.o object code) and linking (from *.o
object code to the tool or shared library executable).

So the first side of the problem (compilation stage) is due to the fact
that gcc is only allowed to include header files from the system-wide
header repository (e.g. -I/usr/include) while unfortunately it is not
allowed/configured to try picking up local header files first (as in
having -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I
$(CURDIR)/libsemanage/include before any eventual system-wide
-I/usr/include).

The second side of the problem (linking stage) is due to a somewhat
similar fact that gcc is only allowed to search dynamic (shared)
libraries in system-wide repositories (such as -L/usr/lib) while it is
not allowed/configured to search the local build directories first (as
in having -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L
$(CURDIR)/libsemanage/src before any system-wide -L/usr/lib).

For reference: the CURDIR variable is expanded by the GNU make tools to
the current directory (it is a GNU make functionality). I propose
exploiting such variable in the top-level Makefile in order to determine
the top-level SELinux-userspace directory and subsequently pass it
recursively to lower-level Makefiles (so that it is used in turn as the
base for the *local* -I include and -L link compiler/linker flags).

That said, I must admit I do not know much about the history, although
it seems to me from the git logs that the problem has been there since
the very first git commit.

Hope it helps.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Stephen Smalley]

On Mon, 2011-09-12 at 18:01 -0400, Eric Paris wrote:
> On 09/12/2011 04:29 PM, Guido Trentalancia wrote:
> > Hi Stephen.
> > 
> > On Mon, 2011-09-12 at 08:57 -0400, Stephen Smalley wrote:
> >> On Fri, 2011-09-09 at 13:31 -0400, Eric Paris wrote:
> >>> I'm also really annoyed by this at times, but I don't know what the
> >>> right answer is.
> >>>
> >>> We really treat it like we have 5+ separate projects which just all
> >>> happen to live in the same git tree.  Thus to build libselinux you
> >>> must have already built and installed libsepol.  And then to build
> >>> libsemanage you need to have done that with both libsepol and
> >>> libselinux.  Then of course to get the builds and install right (on
> >>> Fedora/RHEL) you have to know to use LIBDIR=/usr/lib64 SHLIBDIR=/lib64
> >>> for libsepol and libsepol, but SHLIBDIR=/usr/lib64 for libsemanage.
> >>> Its a mess, but I don't know what to do that's better....
> >>
> >> make DESTDIR=~/out at top-level should work fine - it will build and
> >> install each library into a private tree (as specified by DESTDIR) and
> >> then build and install the programs against those libraries.  Without
> >> needing to clobber the system ones.
> > 
> > At the moment, it does not, until the Makefile(s) are modified or at
> > least until the libraries are manually installed first.
> > 
> > Try by yourself, but do not forget to remove
> > $(PREFIX)/usr/include/{selinux,semanage,sepol} and
> > $(PREFIX){/usr,}/lib/libse{linux,manage,pol}* first !
> 
> I recently added the patch which changed the global to be 'build'
> instead of 'install', so sds might not realize that 'install' is no
> longer the default, however I think Guido is right about the install
> having a number of paces that it hard coded things...

Your patch was wrong and should have been rejected.  make DESTDIR=~/out
was the way to build the entire source tree.  It ensured that the right
headers are picked up (by adding -I~/out/usr/include to CFLAGS, which
then take precedence over the system ones), and that the right libraries
are linked against (likewise with LDFLAGS), and it didn't require you to
be root to build.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (was Re: [PATCH] Fix include semanage/handle.h for semanage_set_root() as used by semodule)

[Stephen Smalley]

On Tue, 2011-09-13 at 18:31 +0200, Guido Trentalancia wrote:
> But let me just try again pointing out a few further details so that
> everybody would better understand the issue.
> 
> It is a maintenance issue with the Makefiles.
> 
> The DESTDIR variable does not matter much because the problem is that it
> breaks not only the installation but also the compilation itself (prior
> to the installation) !
> 
> So, DESTDIR is generally only used during the installation process (what
> DESTINATION directory shall I write to ?).

That may be true, but we have been using it to perform local builds of
the entire source repository for a very long time.  In the case of
package builds, it doesn't matter because there each component is
separately compiled and the package dependencies ensure that the
required components are built and installed first.  At some distant
point in the past, this approach of using make DESTDIR was introduced as
a way to allow us to build the entire tree without requiring us to
introduce -I and -L options relative to the current directory, as that
was viewed as being more painful to maintain and wrong when built
separately (as for packages).

> The compilation problem being discussed here is twofold: compilation
> itself (from *.c source code to *.o object code) and linking (from *.o
> object code to the tool or shared library executable).
> 
> So the first side of the problem (compilation stage) is due to the fact
> that gcc is only allowed to include header files from the system-wide
> header repository (e.g. -I/usr/include) while unfortunately it is not
> allowed/configured to try picking up local header files first (as in
> having -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I
> $(CURDIR)/libsemanage/include before any eventual system-wide
> -I/usr/include).

Build with make DESTDIR=/some/path install, and it should already add
-I/some/path/usr/include to your CFLAGS, which will then get picked up
before the system headers (as per man gcc and confirmed by experiment).

> The second side of the problem (linking stage) is due to a somewhat
> similar fact that gcc is only allowed to search dynamic (shared)
> libraries in system-wide repositories (such as -L/usr/lib) while it is
> not allowed/configured to search the local build directories first (as
> in having -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L
> $(CURDIR)/libsemanage/src before any system-wide -L/usr/lib).

Likewise, make DESTDIR=/some/path install will adjust your LDFLAGS
correctly.

> For reference: the CURDIR variable is expanded by the GNU make tools to
> the current directory (it is a GNU make functionality). I propose
> exploiting such variable in the top-level Makefile in order to determine
> the top-level SELinux-userspace directory and subsequently pass it
> recursively to lower-level Makefiles (so that it is used in turn as the
> base for the *local* -I include and -L link compiler/linker flags).

Ok, maybe we didn't know about CURDIR back then or thought it would
break separate package builds.  I don't recall.  I'm not fundamentally
opposed to the changes so long as they don't introduce any regressions,
but I wanted to be sure that people understand the history.

> That said, I must admit I do not know much about the history, although
> it seems to me from the git logs that the problem has been there since
> the very first git commit.

Yet it has worked for us for quite a long time, via make DESTDIR.  If it
is broken, it is a recent change that broke it.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

Hello Stephen.

On Tue, 2011-09-13 at 13:20 -0400, Stephen Smalley wrote:
> On Tue, 2011-09-13 at 18:31 +0200, Guido Trentalancia wrote:
> > But let me just try again pointing out a few further details so that
> > everybody would better understand the issue.
> > 
> > It is a maintenance issue with the Makefiles.
> > 
> > The DESTDIR variable does not matter much because the problem is that it
> > breaks not only the installation but also the compilation itself (prior
> > to the installation) !
> > 
> > So, DESTDIR is generally only used during the installation process (what
> > DESTINATION directory shall I write to ?).
> 
> That may be true, but we have been using it to perform local builds of
> the entire source repository for a very long time.  In the case of
> package builds, it doesn't matter because there each component is
> separately compiled and the package dependencies ensure that the
> required components are built and installed first.

The above depends on the distribution's build process. We do not know
for certain how each present and future distribution is going to build
the packages...

>   At some distant
> point in the past, this approach of using make DESTDIR was introduced as
> a way to allow us to build the entire tree without requiring us to
> introduce -I and -L options relative to the current directory, as that
> was viewed as being more painful to maintain and wrong when built
> separately (as for packages).

DESTDIR should not be mandatory to use but it is very much desirable.
But I do not get the connection with the two compiler flags...

> > The compilation problem being discussed here is twofold: compilation
> > itself (from *.c source code to *.o object code) and linking (from *.o
> > object code to the tool or shared library executable).
> > 
> > So the first side of the problem (compilation stage) is due to the fact
> > that gcc is only allowed to include header files from the system-wide
> > header repository (e.g. -I/usr/include) while unfortunately it is not
> > allowed/configured to try picking up local header files first (as in
> > having -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I
> > $(CURDIR)/libsemanage/include before any eventual system-wide
> > -I/usr/include).
> 
> Build with make DESTDIR=/some/path install, and it should already add
> -I/some/path/usr/include to your CFLAGS, which will then get picked up
> before the system headers (as per man gcc and confirmed by experiment).

No, it doesn't currently ! If you want to try reproducing it, then you
should do so on a system which hasn't got it already installed (or make
sure you get temporarily rid of
$(PREFIX)/include/{selinux,sepol,semanage} and
$(LIBDIR)/lib{selinux,sepol,semanage}.* first).

> > The second side of the problem (linking stage) is due to a somewhat
> > similar fact that gcc is only allowed to search dynamic (shared)
> > libraries in system-wide repositories (such as -L/usr/lib) while it is
> > not allowed/configured to search the local build directories first (as
> > in having -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L
> > $(CURDIR)/libsemanage/src before any system-wide -L/usr/lib).
> 
> Likewise, make DESTDIR=/some/path install will adjust your LDFLAGS
> correctly.

See above.

And to that add that the actual LDFLAGS possibly introduces an unwanted
and potentially dangerous libsepol.a cache !

In fact, somewhere the LDFLAGS currently adds $(LIBDIR)/libsepol.a
instead of the local copy of static library libsepol.a. This should be
further investigated as it might need to be treated as a security flaw
(binaries available from different vendors might be affected if linked
against the existing old libsepol.a static library).

> > For reference: the CURDIR variable is expanded by the GNU make tools to
> > the current directory (it is a GNU make functionality). I propose
> > exploiting such variable in the top-level Makefile in order to determine
> > the top-level SELinux-userspace directory and subsequently pass it
> > recursively to lower-level Makefiles (so that it is used in turn as the
> > base for the *local* -I include and -L link compiler/linker flags).
> 
> Ok, maybe we didn't know about CURDIR back then or thought it would
> break separate package builds.  I don't recall.  I'm not fundamentally
> opposed to the changes so long as they don't introduce any regressions,
> but I wanted to be sure that people understand the history.
> 
> > That said, I must admit I do not know much about the history, although
> > it seems to me from the git logs that the problem has been there since
> > the very first git commit.
> 
> Yet it has worked for us for quite a long time, via make DESTDIR.  If it
> is broken, it is a recent change that broke it.

I am missing the point again especially because I wasn't able to track
it down in git logs.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

To be more precise...

On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> Hello Stephen.
> 
> On Tue, 2011-09-13 at 13:20 -0400, Stephen Smalley wrote:
> > On Tue, 2011-09-13 at 18:31 +0200, Guido Trentalancia wrote:
> > > But let me just try again pointing out a few further details so that
> > > everybody would better understand the issue.
> > > 
> > > It is a maintenance issue with the Makefiles.
> > > 
> > > The DESTDIR variable does not matter much because the problem is that it
> > > breaks not only the installation but also the compilation itself (prior
> > > to the installation) !
> > > 
> > > So, DESTDIR is generally only used during the installation process (what
> > > DESTINATION directory shall I write to ?).
> > 
> > That may be true, but we have been using it to perform local builds of
> > the entire source repository for a very long time.  In the case of
> > package builds, it doesn't matter because there each component is
> > separately compiled and the package dependencies ensure that the
> > required components are built and installed first.
> 
> The above depends on the distribution's build process. We do not know
> for certain how each present and future distribution is going to build
> the packages...
> 
> >   At some distant
> > point in the past, this approach of using make DESTDIR was introduced as
> > a way to allow us to build the entire tree without requiring us to
> > introduce -I and -L options relative to the current directory, as that
> > was viewed as being more painful to maintain and wrong when built
> > separately (as for packages).
> 
> DESTDIR should not be mandatory to use but it is very much desirable.
> But I do not get the connection with the two compiler flags...
> 
> > > The compilation problem being discussed here is twofold: compilation
> > > itself (from *.c source code to *.o object code) and linking (from *.o
> > > object code to the tool or shared library executable).
> > > 
> > > So the first side of the problem (compilation stage) is due to the fact
> > > that gcc is only allowed to include header files from the system-wide
> > > header repository (e.g. -I/usr/include) while unfortunately it is not
> > > allowed/configured to try picking up local header files first (as in
> > > having -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I
> > > $(CURDIR)/libsemanage/include before any eventual system-wide
> > > -I/usr/include).
> > 
> > Build with make DESTDIR=/some/path install, and it should already add
> > -I/some/path/usr/include to your CFLAGS, which will then get picked up
> > before the system headers (as per man gcc and confirmed by experiment).
> 
> No, it doesn't currently ! If you want to try reproducing it, then you
> should do so on a system which hasn't got it already installed (or make
> sure you get temporarily rid of
> $(PREFIX)/include/{selinux,sepol,semanage} and
> $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> 
> > > The second side of the problem (linking stage) is due to a somewhat
> > > similar fact that gcc is only allowed to search dynamic (shared)
> > > libraries in system-wide repositories (such as -L/usr/lib) while it is
> > > not allowed/configured to search the local build directories first (as
> > > in having -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L
> > > $(CURDIR)/libsemanage/src before any system-wide -L/usr/lib).
> > 
> > Likewise, make DESTDIR=/some/path install will adjust your LDFLAGS
> > correctly.
> 
> See above.
> 
> And to that add that the actual LDFLAGS possibly introduces an unwanted
> and potentially dangerous libsepol.a cache !

Please read LDLIBS instead of LDFLAGS.

At the least the following objects could be affected: checkpolicy,
semodule_deps, mcstransd and the audit2why.so python module. A security
notice might be need to be issued if confirmed.

> In fact, somewhere the LDFLAGS currently adds $(LIBDIR)/libsepol.a
> instead of the local copy of static library libsepol.a. This should be
> further investigated as it might need to be treated as a security flaw
> (binaries available from different vendors might be affected if linked
> against the existing old libsepol.a static library).
> 
> > > For reference: the CURDIR variable is expanded by the GNU make tools to
> > > the current directory (it is a GNU make functionality). I propose
> > > exploiting such variable in the top-level Makefile in order to determine
> > > the top-level SELinux-userspace directory and subsequently pass it
> > > recursively to lower-level Makefiles (so that it is used in turn as the
> > > base for the *local* -I include and -L link compiler/linker flags).
> > 
> > Ok, maybe we didn't know about CURDIR back then or thought it would
> > break separate package builds.  I don't recall.  I'm not fundamentally
> > opposed to the changes so long as they don't introduce any regressions,
> > but I wanted to be sure that people understand the history.
> > 
> > > That said, I must admit I do not know much about the history, although
> > > it seems to me from the git logs that the problem has been there since
> > > the very first git commit.
> > 
> > Yet it has worked for us for quite a long time, via make DESTDIR.  If it
> > is broken, it is a recent change that broke it.
> 
> I am missing the point again especially because I wasn't able to track
> it down in git logs.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> No, it doesn't currently ! If you want to try reproducing it, then you
> should do so on a system which hasn't got it already installed (or make
> sure you get temporarily rid of
> $(PREFIX)/include/{selinux,sepol,semanage} and
> $(LIBDIR)/lib{selinux,sepol,semanage}.* first).

I know it is presently broken, but not sure exactly when/who broke it.
However, as a working example:
$ git clean -fdx
$ rm -rf ~/out
$ git checkout master@{"16 months ago"}
$ make DESTDIR=~/out

works just fine for me.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Tue, 2011-09-13 at 20:46 +0200, Guido Trentalancia wrote:
> To be more precise...

> > And to that add that the actual LDFLAGS possibly introduces an unwanted
> > and potentially dangerous libsepol.a cache !
> 
> Please read LDLIBS instead of LDFLAGS.
> 
> At the least the following objects could be affected: checkpolicy,
> semodule_deps, mcstransd and the audit2why.so python module. A security
> notice might be need to be issued if confirmed.
> 
> > In fact, somewhere the LDFLAGS currently adds $(LIBDIR)/libsepol.a
> > instead of the local copy of static library libsepol.a. This should be
> > further investigated as it might need to be treated as a security flaw
> > (binaries available from different vendors might be affected if linked
> > against the existing old libsepol.a static library).

If you build with make DESTDIR=~/out > out and then grep libsepol.a out,
you'll see that it picks up the locally built one:
$ grep libsepol.a out 
ar rcs libsepol.a hierarchy.o genusers.o roles.o context_record.o port_record.o boolean_record.o interfaces.o assertion.o avtab.o polcaps.o link.o ports.o genbools.o handle.o module.o write.o users.o policydb.o symtab.o policydb_public.o mls.o ebitmap.o user_record.o hashtab.o debug.o util.o conditional.o policydb_convert.o services.o nodes.o sidtab.o iface_record.o context.o expand.o booleans.o constraint.o avrule_block.o node_record.o
ranlib libsepol.a
install -m 644 libsepol.a  /home/sds/out/usr/lib
cc   checkpolicy.o y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o policy_define.o  /home/sds/out/usr/lib/libsepol.a -lfl -o checkpolicy
cc   checkmodule.o y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o policy_define.o  /home/sds/out/usr/lib/libsepol.a -lfl -o checkmodule
cc   dispol.o  -lfl -lsepol -lselinux /home/sds/out/usr/lib/libsepol.a -L/home/sds/out/usr/lib -o dispol
cc   dismod.o  -lfl -lsepol -lselinux /home/sds/out/usr/lib/libsepol.a -L/home/sds/out/usr/lib -o dismod
cc   semodule_deps.o  /home/sds/out/usr/lib/libsepol.a -o semodule_deps

At least with that 16 month old checkout where make DESTDIR=~/out still
works.

In any event, the distributions don't build this way; they build
libsepol as a separate package and install it first before building the
packages that depend on it.

No CVEs filed for libsepol, and it isn't supposed to be a trust
boundary.

Nonetheless, I agree that reducing the number of users of the static
libsepol would be a good thing.  Only checkpolicy (and setools) has a
legitimate claim to needing it.  The rest ought to be reworked to use
new interfaces provided by the shared lib with proper encapsulation of
the data structures and implementation details.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

Hello again.

The security risk associated with the linkage of an old libsepol.a
static library is low due to the fact that the tools are usually built
from each component separately after all the libraries have been
previously built and installed.

On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > No, it doesn't currently ! If you want to try reproducing it, then you
> > should do so on a system which hasn't got it already installed (or make
> > sure you get temporarily rid of
> > $(PREFIX)/include/{selinux,sepol,semanage} and
> > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> 
> I know it is presently broken, but not sure exactly when/who broke it.
> However, as a working example:
> $ git clean -fdx
> $ rm -rf ~/out
> $ git checkout master@{"16 months ago"}
> $ make DESTDIR=~/out
> 
> works just fine for me.

...
make -C src 
make[2]: Entering directory
`/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn
-Wmissing-format-attribute -I../include -I/opt/out/usr/include
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64   -c -o load_policy.o load_policy.c
load_policy.c:14:25: fatal error: sepol/sepol.h: No such file or
directory
compilation terminated.
make[2]: *** [load_policy.o] Error 1
make[2]: Leaving directory
`/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory
`/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux'
make: *** [all] Error 1

The above is what I get. And there is probably more behind that...

The problem is due to the fact that before "make install" is issued,
nothing usually exists under DESTDIR whatever DESTDIR is.

So includes from DESTDIR are getting included but unfortunately they are
not there (yet). Until you have temporarily removed DESTDIR, you won't
be able to reproduce it.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> Hello again.
> 
> The security risk associated with the linkage of an old libsepol.a
> static library is low due to the fact that the tools are usually built
> from each component separately after all the libraries have been
> previously built and installed.
> 
> On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > should do so on a system which hasn't got it already installed (or make
> > > sure you get temporarily rid of
> > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> > 
> > I know it is presently broken, but not sure exactly when/who broke it.
> > However, as a working example:
> > $ git clean -fdx
> > $ rm -rf ~/out
> > $ git checkout master@{"16 months ago"}
> > $ make DESTDIR=~/out
> > 
> > works just fine for me.
> 
> ...
> make -C src 
> make[2]: Entering directory
> `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn
> -Wmissing-format-attribute -I../include -I/opt/out/usr/include
> -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64   -c -o load_policy.o load_policy.c
> load_policy.c:14:25: fatal error: sepol/sepol.h: No such file or
> directory
> compilation terminated.
> make[2]: *** [load_policy.o] Error 1
> make[2]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> make[1]: *** [all] Error 2
> make[1]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux'
> make: *** [all] Error 1
> 
> The above is what I get. And there is probably more behind that...
> 
> The problem is due to the fact that before "make install" is issued,
> nothing usually exists under DESTDIR whatever DESTDIR is.
> 
> So includes from DESTDIR are getting included but unfortunately they are
> not there (yet). Until you have temporarily removed DESTDIR, you won't
> be able to reproduce it.

I did remove it - look again at my message and see the rm -rf ~/out.
I also removed the system headers and libraries via yum.  Here we go
again:
$ ls ~/out
ls: cannot access /home/sds/out: No such file or directory
$ ls /usr/include/selinux
ls: cannot access /usr/include/selinux: No such file or directory
$ ls /usr/include/sepol
ls: cannot access /usr/include/sepol: No such file or directory
$ make DESTDIR=~/out > out
<completes successfully>
$ ls ~/out/lib/
libselinux.so.1  libsepol.so.1
$ ls ~/out/usr/include/
selinux  semanage  sepol
$ ls ~/out/usr/lib
libselinux.a   libsemanage.a   libsemanage.so.1  libsepol.so  python2.7
libselinux.so  libsemanage.so  libsepol.a        pkgconfig

See, from nothing to a complete build.  I can't explain it any more
clearly, so I'm stopping this thread here.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Tue, 2011-09-13 at 15:25 -0400, Stephen Smalley wrote:
> On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> > Hello again.
> > 
> > The security risk associated with the linkage of an old libsepol.a
> > static library is low due to the fact that the tools are usually built
> > from each component separately after all the libraries have been
> > previously built and installed.
> > 
> > On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > > should do so on a system which hasn't got it already installed (or make
> > > > sure you get temporarily rid of
> > > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> > > 
> > > I know it is presently broken, but not sure exactly when/who broke it.
> > > However, as a working example:
> > > $ git clean -fdx
> > > $ rm -rf ~/out
> > > $ git checkout master@{"16 months ago"}
> > > $ make DESTDIR=~/out
> > > 
> > > works just fine for me.
> > 
> > ...
> > make -C src 
> > make[2]: Entering directory
> > `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> > cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn
> > -Wmissing-format-attribute -I../include -I/opt/out/usr/include
> > -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64   -c -o load_policy.o load_policy.c
> > load_policy.c:14:25: fatal error: sepol/sepol.h: No such file or
> > directory
> > compilation terminated.
> > make[2]: *** [load_policy.o] Error 1
> > make[2]: Leaving directory
> > `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> > make[1]: *** [all] Error 2
> > make[1]: Leaving directory
> > `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux'
> > make: *** [all] Error 1
> > 
> > The above is what I get. And there is probably more behind that...
> > 
> > The problem is due to the fact that before "make install" is issued,
> > nothing usually exists under DESTDIR whatever DESTDIR is.
> > 
> > So includes from DESTDIR are getting included but unfortunately they are
> > not there (yet). Until you have temporarily removed DESTDIR, you won't
> > be able to reproduce it.
> 
> I did remove it - look again at my message and see the rm -rf ~/out.
> I also removed the system headers and libraries via yum.  Here we go
> again:
> $ ls ~/out
> ls: cannot access /home/sds/out: No such file or directory
> $ ls /usr/include/selinux
> ls: cannot access /usr/include/selinux: No such file or directory
> $ ls /usr/include/sepol
> ls: cannot access /usr/include/sepol: No such file or directory
> $ make DESTDIR=~/out > out
> <completes successfully>
> $ ls ~/out/lib/
> libselinux.so.1  libsepol.so.1
> $ ls ~/out/usr/include/
> selinux  semanage  sepol
> $ ls ~/out/usr/lib
> libselinux.a   libsemanage.a   libsemanage.so.1  libsepol.so  python2.7
> libselinux.so  libsemanage.so  libsepol.a        pkgconfig
> 
> See, from nothing to a complete build.  I can't explain it any more
> clearly, so I'm stopping this thread here.

I suppose the one thing that might not be clear is that the Makefile
orders the SUBDIRS in order of dependency, so that we build and install
libsepol first, then libselinux, and so on such that the headers and
libraries required to build each component are already installed before
we build that component.  In your case, the sepol headers should have
already been installed before trying to build libselinux, and I don't
know why that didn't happen for you unless your make reorders SUBDIRS
internally or the make install in libsepol failed to complete (but I
wouldn't expect it to proceed in that case).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

On Tue, 2011-09-13 at 15:25 -0400, Stephen Smalley wrote:
> On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> > Hello again.
> > 
> > The security risk associated with the linkage of an old libsepol.a
> > static library is low due to the fact that the tools are usually built
> > from each component separately after all the libraries have been
> > previously built and installed.
> > 
> > On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > > should do so on a system which hasn't got it already installed (or make
> > > > sure you get temporarily rid of
> > > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> > > 
> > > I know it is presently broken, but not sure exactly when/who broke it.
> > > However, as a working example:
> > > $ git clean -fdx
> > > $ rm -rf ~/out
> > > $ git checkout master@{"16 months ago"}
> > > $ make DESTDIR=~/out
> > > 
> > > works just fine for me.
> > 
> > ...
> > make -C src 
> > make[2]: Entering directory
> > `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> > cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn
> > -Wmissing-format-attribute -I../include -I/opt/out/usr/include
> > -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64   -c -o load_policy.o load_policy.c
> > load_policy.c:14:25: fatal error: sepol/sepol.h: No such file or
> > directory
> > compilation terminated.
> > make[2]: *** [load_policy.o] Error 1
> > make[2]: Leaving directory
> > `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux/src'
> > make[1]: *** [all] Error 2
> > make[1]: Leaving directory
> > `/usr/src/selinux-userspace/git/selinux-13092011-16monthsago/libselinux'
> > make: *** [all] Error 1
> > 
> > The above is what I get. And there is probably more behind that...
> > 
> > The problem is due to the fact that before "make install" is issued,
> > nothing usually exists under DESTDIR whatever DESTDIR is.
> > 
> > So includes from DESTDIR are getting included but unfortunately they are
> > not there (yet). Until you have temporarily removed DESTDIR, you won't
> > be able to reproduce it.
> 
> I did remove it - look again at my message and see the rm -rf ~/out.
> I also removed the system headers and libraries via yum.  Here we go
> again:
> $ ls ~/out
> ls: cannot access /home/sds/out: No such file or directory
> $ ls /usr/include/selinux
> ls: cannot access /usr/include/selinux: No such file or directory
> $ ls /usr/include/sepol
> ls: cannot access /usr/include/sepol: No such file or directory
> $ make DESTDIR=~/out > out
> <completes successfully>
> $ ls ~/out/lib/
> libselinux.so.1  libsepol.so.1
> $ ls ~/out/usr/include/
> selinux  semanage  sepol
> $ ls ~/out/usr/lib
> libselinux.a   libsemanage.a   libsemanage.so.1  libsepol.so  python2.7
> libselinux.so  libsemanage.so  libsepol.a        pkgconfig
> 
> See, from nothing to a complete build.  I can't explain it any more
> clearly, so I'm stopping this thread here.

Black magic ?

It is particularly strange that "make" automatically implies "make
install" (it should never be like that as it would be equivalent to
performing an installation without the user explicitly requiring it).

However in my specific case (above quoted logs), I bet git did not
properly go back in time so I was actually working on current git.

How about the semanage.conf(5) manual page ?

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

On Tue, 2011-09-13 at 15:34 -0400, Stephen Smalley wrote:
> On Tue, 2011-09-13 at 15:25 -0400, Stephen Smalley wrote:
> > On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> > > Hello again.
> > > 
> > > The security risk associated with the linkage of an old libsepol.a
> > > static library is low due to the fact that the tools are usually built
> > > from each component separately after all the libraries have been
> > > previously built and installed.
> > > 
> > > On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > > > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > > > should do so on a system which hasn't got it already installed (or make
> > > > > sure you get temporarily rid of
> > > > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).

[cut]

> I suppose the one thing that might not be clear is that the Makefile
> orders the SUBDIRS in order of dependency, so that we build and install
> libsepol first, then libselinux, and so on such that the headers and
> libraries required to build each component are already installed before
> we build that component.

It is up to the maintainer to keep the SUBDIRS variable ordered
(according to the dependency relations).

See for example:

http://www.gnu.org/s/hello/manual/make/Phony-Targets.html#Phony-Targets
http://www.gnu.org/s/hello/manual/automake/Subdirectories.html

> In your case, the sepol headers should have
> already been installed before trying to build libselinux, and I don't
> know why that didn't happen for you unless your make reorders SUBDIRS
> internally or the make install in libsepol failed to complete (but I
> wouldn't expect it to proceed in that case).

The make tool should not reorder variables in any case.

I did not issue a "make install" (yet). I did just issue "make" from the
top-level directory.

I am not building the components separately, I am building the whole
bundle (tools + libraries) from the top-level directory of the git
version. That's the point.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Tue, 2011-09-13 at 22:04 +0200, Guido Trentalancia wrote:
> It is up to the maintainer to keep the SUBDIRS variable ordered
> (according to the dependency relations).
> 
> See for example:
> 
> http://www.gnu.org/s/hello/manual/make/Phony-Targets.html#Phony-Targets
> http://www.gnu.org/s/hello/manual/automake/Subdirectories.html

Ok, we have ordered SUBDIRS in the Makefile in such a manner that each
component is built before anything that depends on it.

> > In your case, the sepol headers should have
> > already been installed before trying to build libselinux, and I don't
> > know why that didn't happen for you unless your make reorders SUBDIRS
> > internally or the make install in libsepol failed to complete (but I
> > wouldn't expect it to proceed in that case).
> 
> The make tool should not reorder variables in any case.

Good.

> I did not issue a "make install" (yet). I did just issue "make" from the
> top-level directory.

Right, that can't work and never has, which is why 'make' used to invoke
'make install' until Eric (incorrectly) changed that behavior.

> I am not building the components separately, I am building the whole
> bundle (tools + libraries) from the top-level directory of the git
> version. That's the point.

Understood, and the only way to do that has always been make
DESTDIR=~/out.  Reverting/fixing the changes that have broken that
behavior is the right solution.

Looking at your last patch, I don't see how it can possibly work in the
case where one isn't building the entire source tree (e.g. for package
building), because it encodes a relative path to the static libs in
LDLIBS.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Eric Paris]

On Tue, 2011-09-13 at 22:04 +0200, Guido Trentalancia wrote:
> On Tue, 2011-09-13 at 15:34 -0400, Stephen Smalley wrote:
> > On Tue, 2011-09-13 at 15:25 -0400, Stephen Smalley wrote:
> > > On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> > > > Hello again.
> > > > 
> > > > The security risk associated with the linkage of an old libsepol.a
> > > > static library is low due to the fact that the tools are usually built
> > > > from each component separately after all the libraries have been
> > > > previously built and installed.
> > > > 
> > > > On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > > > > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > > > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > > > > should do so on a system which hasn't got it already installed (or make
> > > > > > sure you get temporarily rid of
> > > > > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > > > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> 
> [cut]
> 
> > I suppose the one thing that might not be clear is that the Makefile
> > orders the SUBDIRS in order of dependency, so that we build and install
> > libsepol first, then libselinux, and so on such that the headers and
> > libraries required to build each component are already installed before
> > we build that component.
> 
> It is up to the maintainer to keep the SUBDIRS variable ordered
> (according to the dependency relations).
> 
> See for example:
> 
> http://www.gnu.org/s/hello/manual/make/Phony-Targets.html#Phony-Targets
> http://www.gnu.org/s/hello/manual/automake/Subdirectories.html
> 
> > In your case, the sepol headers should have
> > already been installed before trying to build libselinux, and I don't
> > know why that didn't happen for you unless your make reorders SUBDIRS
> > internally or the make install in libsepol failed to complete (but I
> > wouldn't expect it to proceed in that case).
> 
> The make tool should not reorder variables in any case.
> 
> I did not issue a "make install" (yet). I did just issue "make" from the
> top-level directory.
> 
> I am not building the components separately, I am building the whole
> bundle (tools + libraries) from the top-level directory of the git
> version. That's the point.

I, recently, applied a patch which changed the top level default from
install to all.  sds says the 'right' way to build the git tree WAS to
call "make DESTDIR=~/out"  (Remember the default was to install).  Since
I changed the default target the new way to build out of the tree is to
call "make DESTDIR=~/out install"

I have no plans at this time to revert my commit which changed the
default from 'install' to 'all'.  It is just flat out totally wrong that
cloning the git tree and typing make can break your running system.
Period.  I agree that we must be certain not to break anyone who decides
to still use 'make DESTDIR=~/out install' method.  Note: I'm fine that
this means I'm forcing sds to use the install target instead of the
default target from here out.  The old default target was a very bad
idea.  If you know you need to type DESTDIR= you can also know to type
'install.'  If this doesn't work, I need to fix it.  (It doesn't work
for me, but I'm not certain why just yet)

Personally, I'd like to see just 'make' at the top level dir build
properly and I think your patches get us most of the way there without
(further) breaking the building method that sds prefers.

If you get your best patch which does nothing but allow us to just type
'make' at the top level dir and it builds everything properly in place,
I'll review and probably commit such a patch.

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Tue, 2011-09-13 at 16:26 -0400, Eric Paris wrote:
> On Tue, 2011-09-13 at 22:04 +0200, Guido Trentalancia wrote:
> > On Tue, 2011-09-13 at 15:34 -0400, Stephen Smalley wrote:
> > > On Tue, 2011-09-13 at 15:25 -0400, Stephen Smalley wrote:
> > > > On Tue, 2011-09-13 at 21:18 +0200, Guido Trentalancia wrote:
> > > > > Hello again.
> > > > > 
> > > > > The security risk associated with the linkage of an old libsepol.a
> > > > > static library is low due to the fact that the tools are usually built
> > > > > from each component separately after all the libraries have been
> > > > > previously built and installed.
> > > > > 
> > > > > On Tue, 2011-09-13 at 14:48 -0400, Stephen Smalley wrote:
> > > > > > On Tue, 2011-09-13 at 20:33 +0200, Guido Trentalancia wrote:
> > > > > > > No, it doesn't currently ! If you want to try reproducing it, then you
> > > > > > > should do so on a system which hasn't got it already installed (or make
> > > > > > > sure you get temporarily rid of
> > > > > > > $(PREFIX)/include/{selinux,sepol,semanage} and
> > > > > > > $(LIBDIR)/lib{selinux,sepol,semanage}.* first).
> > 
> > [cut]
> > 
> > > I suppose the one thing that might not be clear is that the Makefile
> > > orders the SUBDIRS in order of dependency, so that we build and install
> > > libsepol first, then libselinux, and so on such that the headers and
> > > libraries required to build each component are already installed before
> > > we build that component.
> > 
> > It is up to the maintainer to keep the SUBDIRS variable ordered
> > (according to the dependency relations).
> > 
> > See for example:
> > 
> > http://www.gnu.org/s/hello/manual/make/Phony-Targets.html#Phony-Targets
> > http://www.gnu.org/s/hello/manual/automake/Subdirectories.html
> > 
> > > In your case, the sepol headers should have
> > > already been installed before trying to build libselinux, and I don't
> > > know why that didn't happen for you unless your make reorders SUBDIRS
> > > internally or the make install in libsepol failed to complete (but I
> > > wouldn't expect it to proceed in that case).
> > 
> > The make tool should not reorder variables in any case.
> > 
> > I did not issue a "make install" (yet). I did just issue "make" from the
> > top-level directory.
> > 
> > I am not building the components separately, I am building the whole
> > bundle (tools + libraries) from the top-level directory of the git
> > version. That's the point.
> 
> I, recently, applied a patch which changed the top level default from
> install to all.  sds says the 'right' way to build the git tree WAS to
> call "make DESTDIR=~/out"  (Remember the default was to install).  Since
> I changed the default target the new way to build out of the tree is to
> call "make DESTDIR=~/out install"
> 
> I have no plans at this time to revert my commit which changed the
> default from 'install' to 'all'.  It is just flat out totally wrong that
> cloning the git tree and typing make can break your running system.
> Period.  I agree that we must be certain not to break anyone who decides
> to still use 'make DESTDIR=~/out install' method.  Note: I'm fine that
> this means I'm forcing sds to use the install target instead of the
> default target from here out.  The old default target was a very bad
> idea.  If you know you need to type DESTDIR= you can also know to type
> 'install.'  If this doesn't work, I need to fix it.  (It doesn't work
> for me, but I'm not certain why just yet)
> 
> Personally, I'd like to see just 'make' at the top level dir build
> properly and I think your patches get us most of the way there without
> (further) breaking the building method that sds prefers.
> 
> If you get your best patch which does nothing but allow us to just type
> 'make' at the top level dir and it builds everything properly in place,
> I'll review and probably commit such a patch.

Be sure to test at least the following scenarios:
1) No sepol/selinux/semanage system headers installed on build host,
2) Old/incompatible sepol/selinux/semanage system headers installed on
build host (e.g. f14 build host, latest selinux git tree),
3) Ability to build each component separately without the rest of the
source tree, e.g. package rebuilds.

The make DESTDIR=~/out install approach enabled the first two to work
without breaking the third, which is why it was attractive.  If he can
make all three work via another mechanism, then I'm fine with it.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

On Tue, 2011-09-13 at 16:20 -0400, Stephen Smalley wrote:
> On Tue, 2011-09-13 at 22:04 +0200, Guido Trentalancia wrote:
> > It is up to the maintainer to keep the SUBDIRS variable ordered
> > (according to the dependency relations).
> > 
> > See for example:
> > 
> > http://www.gnu.org/s/hello/manual/make/Phony-Targets.html#Phony-Targets
> > http://www.gnu.org/s/hello/manual/automake/Subdirectories.html
> 
> Ok, we have ordered SUBDIRS in the Makefile in such a manner that each
> component is built before anything that depends on it.

Yes, the order looks fine to me.

Could upgrade to phony targets as well (see first document). It would
allow parallel builds and also it would prevent it from continuing on
failure of a target.

> > > In your case, the sepol headers should have
> > > already been installed before trying to build libselinux, and I don't
> > > know why that didn't happen for you unless your make reorders SUBDIRS
> > > internally or the make install in libsepol failed to complete (but I
> > > wouldn't expect it to proceed in that case).
> > 
> > The make tool should not reorder variables in any case.
> 
> Good.
> 
> > I did not issue a "make install" (yet). I did just issue "make" from the
> > top-level directory.
> 
> Right, that can't work and never has, which is why 'make' used to invoke
> 'make install' until Eric (incorrectly) changed that behavior.

"make" should never invoke "make install". It is not desirable that an
installation takes place without the user *explictly* requiring it.

However that behavior should be changed for many other reasons,
including in particular the possible security risk associated with
static linkage of an old libsepol.a.

> > I am not building the components separately, I am building the whole
> > bundle (tools + libraries) from the top-level directory of the git
> > version. That's the point.
> 
> Understood, and the only way to do that has always been make
> DESTDIR=~/out.  Reverting/fixing the changes that have broken that
> behavior is the right solution.

See above and also see latest reply from Eric.

> Looking at your last patch, I don't see how it can possibly work in the
> case where one isn't building the entire source tree (e.g. for package
> building), because it encodes a relative path to the static libs in
> LDLIBS.

If it accidently ends up in the separate packages, it still won't affect
their build, because the compiler include/link flag would fall back to
the system-wide files.

However, ideally, part of the patch should be reverted prior to creating
the release archives for the separate components. As it is, the patch is
intended for the whole git bundle (top-level pull).

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Improve installation of userspace shared libraries (was Re: [RFC] Userspace top-level Makefile)

[Stephen Smalley]

On Mon, 2011-09-12 at 22:17 +0200, Guido Trentalancia wrote:
> +++ selinux-12092011-test/libsepol/src/Makefile	2011-09-12 21:53:56.414127000 +0200
> @@ -43,7 +43,7 @@ install: all
>  	install -m 755 $(LIBSO) $(SHLIBDIR)
>  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> +	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
>  
>  relabel:
>  	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> 
> Is there anything else that looks odd in it ? Partial description could
> be something like this:
> 
> Simply use the filename as the target instead of the full path to the
> shared libraries when creating the links in SHLIBDIR during
> installation.

The symlink and the shared object aren't always in the same directory,
e.g. in Fedora the shared object may live in /lib or /lib64 while the
symlink may live in /usr/lib or /usr/lib64.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

On Tue, 2011-09-13 at 16:42 -0400, Stephen Smalley wrote: 
> > Personally, I'd like to see just 'make' at the top level dir build
> > properly and I think your patches get us most of the way there without
> > (further) breaking the building method that sds prefers.
> > 
> > If you get your best patch which does nothing but allow us to just type
> > 'make' at the top level dir and it builds everything properly in place,
> > I'll review and probably commit such a patch.
> 
> Be sure to test at least the following scenarios:
> 1) No sepol/selinux/semanage system headers installed on build host,

I've tested this when creating any of the previous patches. It is
important if Eric and/or somebody else could test it again
independently.

> 2) Old/incompatible sepol/selinux/semanage system headers installed on
> build host (e.g. f14 build host, latest selinux git tree),

This was the original motivation for creating the patch and as such it
has obviously been tested, at least on my system. It is important if
Eric and/or somebody else could test it again independently.

> 3) Ability to build each component separately without the rest of the
> source tree, e.g. package rebuilds.

I have never specifically tested this. But it is supposed to work at
least until the SUBDIR order is respected.

> The make DESTDIR=~/out install approach enabled the first two to work
> without breaking the third, which is why it was attractive.  If he can
> make all three work via another mechanism, then I'm fine with it.

After applying the patch, it should be possible to use "make
DESTDIR=~/out" to build and "make DESTDIR=~/out install" to install it
as a special case of passing special environment variables to the
Makefiles.

If previously it was ever possible to build and install at the same time
by just using "make DESTDIR=~/out" (i.e. without explicitly requiring
the "install" target), it was wrong. It's probably written nowhere
specifically, but install at least about a hundred random Linux packages
and you will tell me it is wrong !

Note: it is generally preferable to prepend the environment variables to
be passed to the make process. If the variables are appended, their
value cannot be changed or manipulated by the Makefile(s). Very often
the Makefiles need to manipulate (for example, conditional append) the
value of some environment variable (for example, CFLAGS).

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Improve installation of userspace shared libraries (was Re: [RFC] Userspace top-level Makefile)

[Guido Trentalancia]

On Tue, 2011-09-13 at 17:00 -0400, Stephen Smalley wrote:
> On Mon, 2011-09-12 at 22:17 +0200, Guido Trentalancia wrote:
> > +++ selinux-12092011-test/libsepol/src/Makefile	2011-09-12 21:53:56.414127000 +0200
> > @@ -43,7 +43,7 @@ install: all
> >  	install -m 755 $(LIBSO) $(SHLIBDIR)
> >  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
> >  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> > -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> > +	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
> >  
> >  relabel:
> >  	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> > 
> > Is there anything else that looks odd in it ? Partial description could
> > be something like this:
> > 
> > Simply use the filename as the target instead of the full path to the
> > shared libraries when creating the links in SHLIBDIR during
> > installation.
> 
> The symlink and the shared object aren't always in the same directory,
> e.g. in Fedora the shared object may live in /lib or /lib64 while the
> symlink may live in /usr/lib or /usr/lib64.

The spec file would create the second one I suppose.

Regards,

Guido



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [RFC] Improve installation of userspace shared libraries (was Re: [RFC] Userspace top-level Makefile)

[Guido Trentalancia]

On Tue, 2011-09-13 at 23:12 +0200, Guido Trentalancia wrote:
> On Tue, 2011-09-13 at 17:00 -0400, Stephen Smalley wrote:
> > On Mon, 2011-09-12 at 22:17 +0200, Guido Trentalancia wrote:
> > > +++ selinux-12092011-test/libsepol/src/Makefile	2011-09-12 21:53:56.414127000 +0200
> > > @@ -43,7 +43,7 @@ install: all
> > >  	install -m 755 $(LIBSO) $(SHLIBDIR)
> > >  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
> > >  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> > > -	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> > > +	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
> > >  
> > >  relabel:
> > >  	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> > > 
> > > Is there anything else that looks odd in it ? Partial description could
> > > be something like this:
> > > 
> > > Simply use the filename as the target instead of the full path to the
> > > shared libraries when creating the links in SHLIBDIR during
> > > installation.
> > 
> > The symlink and the shared object aren't always in the same directory,
> > e.g. in Fedora the shared object may live in /lib or /lib64 while the
> > symlink may live in /usr/lib or /usr/lib64.
> 
> The spec file would create the second one I suppose.

You might actually be right.

Apparently in Fedora, it is still being created by the upstream Makefile
and it only gets sorted between packages by the spec file. Apart from
that, libsemanage from F15 (re)creates that independently in the spec
file.

However, apart from the specific case above (any distribution in general
depends on its own build scheme), I do not consider a good idea
installing the library executable file and the generic symbolic link to
it in two different places. This is mainly because the unique directory
is assumed to be in the LD search path and thus the link is only
intended to select the specific version amongst several different
versions available. That is why I am still a little reluctant about
changing that.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v4] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

Hello Eric !

On Tue, 2011-09-13 at 16:26 -0400, Eric Paris wrote:
> Personally, I'd like to see just 'make' at the top level dir build
> properly and I think your patches get us most of the way there without
> (further) breaking the building method that sds prefers.
> 
> If you get your best patch which does nothing but allow us to just type
> 'make' at the top level dir and it builds everything properly in place,
> I'll review and probably commit such a patch.

Yes, let's get to the point. The latest version of the patch that you
should test is attached below. Please note that it also changes the
creation of symbolic links to shared libraries (needs to be
double-checked for correctness).

diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-13092011/checkpolicy/Makefile	2011-09-13 02:58:19.314224502 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux/checkpolicy/test/Makefile selinux-13092011/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-13092011/checkpolicy/test/Makefile	2011-09-13 02:58:19.315224529 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux/libselinux/src/Makefile selinux-13092011/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-13092011/libselinux/src/Makefile	2011-09-13 03:30:08.882910143 +0200
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pruN selinux/libsemanage/src/Makefile selinux-13092011/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-13092011/libsemanage/src/Makefile	2011-09-13 03:36:55.724150908 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pruN selinux/libsepol/src/Makefile selinux-13092011/libsepol/src/Makefile
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-13092011/libsepol/src/Makefile	2011-09-13 02:57:31.309865469 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -pruN selinux/Makefile selinux-13092011/Makefile
--- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-13092011/Makefile	2011-09-13 02:58:19.315224529 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-13092011/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-13092011/policycoreutils/audit2allow/Makefile	2011-09-13 03:04:59.631193632 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-13092011/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011/policycoreutils/audit2why/Makefile	2011-09-13 03:01:12.676515333 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-13092011/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011/policycoreutils/load_policy/Makefile	2011-09-13 03:16:23.953209557 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-13092011/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-13092011/policycoreutils/mcstrans/src/Makefile	2011-09-13 03:28:56.851327660 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-13092011/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011/policycoreutils/mcstrans/utils/Makefile	2011-09-13 03:27:22.371562684 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/newrole/Makefile selinux-13092011/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011/policycoreutils/newrole/Makefile	2011-09-13 03:17:53.038877292 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-13092011/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011/policycoreutils/restorecond/Makefile	2011-09-13 03:09:18.182096161 +0200
@@ -1,13 +1,14 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pruN selinux/policycoreutils/run_init/Makefile selinux-13092011/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011/policycoreutils/run_init/Makefile	2011-09-13 03:14:35.943421643 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-13092011/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-13092011/policycoreutils/sandbox/Makefile	2011-09-13 03:08:17.158649761 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng 
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pruN selinux/policycoreutils/scripts/Makefile selinux-13092011/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011/policycoreutils/scripts/Makefile	2011-09-13 02:59:44.455859136 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
@@ -11,7 +11,10 @@ install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
-	install -m 755 genhomedircon  $(SBINDIR)
+	@echo "#!/bin/sh" > genhomedircon
+	@echo >> genhomedircon
+	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+	install -m 755 genhomedircon $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux/policycoreutils/secon/Makefile selinux-13092011/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011/policycoreutils/secon/Makefile	2011-09-13 03:09:50.934336415 +0200
@@ -1,9 +1,9 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
diff -pruN selinux/policycoreutils/semanage/Makefile selinux-13092011/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011/policycoreutils/semanage/Makefile	2011-09-13 03:10:39.427692261 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pruN selinux/policycoreutils/semodule/Makefile selinux-13092011/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011/policycoreutils/semodule/Makefile	2011-09-13 03:11:52.329224670 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-13092011/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011/policycoreutils/semodule_deps/Makefile	2011-09-13 03:02:06.359913305 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-13092011/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_expand/Makefile	2011-09-13 03:11:07.722900079 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-13092011/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_link/Makefile	2011-09-13 03:05:23.873372013 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-13092011/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/semodule_package/Makefile	2011-09-13 03:10:14.033504971 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-13092011/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011/policycoreutils/sestatus/Makefile	2011-09-13 03:12:39.142571067 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-13092011/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011/policycoreutils/setfiles/Makefile	2011-09-13 03:13:18.560856761 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-13092011/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011/policycoreutils/setsebool/Makefile	2011-09-13 03:11:32.604081796 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/README selinux-13092011/README
--- selinux/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-13092011/README	2011-09-13 02:58:19.316224554 +0200
@@ -0,0 +1,20 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+The environment variable DESTDIR can be passed to "make" in order to configure a
+specific directory to be used as the root installation directory.
+
+Please see the Makefile(s) for other environment variables that can be used.

To the above you could also add the following bits in order to improve
the manual page of genhomedircon:

diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-13092011/policycoreutils/scripts/genhomedircon.8
--- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011/policycoreutils/scripts/genhomedircon.8	2011-09-13 02:57:45.412971066 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
 .SH NAME
 genhomedircon \- generate SELinux file context configuration entries for user home directories
 .SH SYNOPSIS
 .B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
 
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
 
 .SH AUTHOR
 This manual page was written by
 .I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)

And after that you could then review and eventually commit the patch for
the new semanage.conf(5) manual page (separate thread). The good thing
about this last one is that it does not need testing !

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Fix function arguments in libsemanage tests (was Re: [PATCH v4] Fix includes for userspace tools and libraries)

[Guido Trentalancia]

Another possible improvement could be as follows (libsemanag):

Fix a few calls to semanage_store_access_check() in the libsemanage
tests so that a void function is called.

--- selinux/libsemanage/tests/test_semanage_store.c	2011-09-09 20:12:56.017662440 +0200
+++ selinux-13092011-rebuild/libsemanage/tests/test_semanage_store.c	2011-09-14 01:19:05.547450022 +0200
@@ -163,7 +163,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(polpath, 0);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == -1);
 
 	/* check with permissions 500 */
@@ -174,7 +174,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(modpath, S_IRUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == SEMANAGE_CAN_READ);
 
 	/* check with permissions 700 */
@@ -185,7 +185,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == SEMANAGE_CAN_WRITE);
 
 	/* check with lock file 000 and others 500 */
@@ -196,7 +196,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(modpath, S_IRUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == 0);
 
 	/* check with lock file 000 and others 700 */
@@ -207,7 +207,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == 0);
 
 	/* remove lock file */
@@ -222,7 +222,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(polpath, 0);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == -1);
 
 	/* check with no lock file and 500 */
@@ -233,14 +233,14 @@ void test_semanage_store_access_check(vo
 	err = chmod(modpath, S_IRUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == 0);
 
 	/* check with no lock file but write in lockpath */
 	err = chmod(lockpath, S_IRUSR | S_IWUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == SEMANAGE_CAN_READ);
 
 	/* check with no lock file and 700 */
@@ -249,7 +249,7 @@ void test_semanage_store_access_check(vo
 	err = chmod(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
 	CU_ASSERT(err == 0);
 
-	err = semanage_store_access_check(sh);
+	err = semanage_store_access_check();
 	CU_ASSERT(err == SEMANAGE_CAN_WRITE);
 }
 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Change default make target for sepolgen (was Re: [PATCH v4] Fix includes for userspace tools and libraries)

[Guido Trentalancia]

And for the reason mentioned earlier (do not install unless explicitly
required to do so):

Change the default "make" target for sepolgen from "install" to "all".

--- selinux/sepolgen/src/sepolgen/Makefile	2011-09-09 20:12:56.080662897 +0200
+++ selinux-13092011-rebuild/sepolgen/src/sepolgen/Makefile	2011-09-14 02:30:20.172601736 +0200
@@ -1,7 +1,9 @@
 PYTHONLIBDIR ?= $(shell  python -c "from distutils.sysconfig import *; print get_python_lib(1)")
 PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
 
-install:
+all:
+
+install: all
 	-mkdir -p $(PACKAGEDIR)
 	install -m 644 *.py $(PACKAGEDIR)
 
--- selinux/sepolgen/src/share/Makefile	2011-09-09 20:12:56.082662911 +0200
+++ selinux-13092011-rebuild/sepolgen/src/share/Makefile	2011-09-14 02:36:02.173755672 +0200
@@ -1,8 +1,10 @@
 SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
 
-install:
+all:
+
+install: all
 	-mkdir -p $(SHAREDIR)
 	install -m 644 perm_map $(SHAREDIR)
 
 clean:

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Change default make target for some directories in the libraries (was Re: [PATCH] Change default make target for sepolgen)

[Guido Trentalancia]

And similarly for the "include" and "man" directories available for the
libraries:

Change the default "make" target for the libraries from "install" to
"all" in *all* makefiles.

--- selinux/libselinux/include/Makefile	2011-09-09 20:12:55.981662183 +0200
+++ selinux-13092011-rebuild/libselinux/include/Makefile	2011-09-14 02:48:03.159322088 +0200
@@ -2,6 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/selinux
 
+all:
+
 install:
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	install -m 644 $(wildcard selinux/*.h) $(INCDIR)
--- selinux/libsepol/include/Makefile	2011-09-09 20:12:56.018662447 +0200
+++ selinux-13092011-rebuild/libsepol/include/Makefile	2011-09-14 02:48:39.183551143 +0200
@@ -2,6 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/sepol
 
+all:
+
 install:
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
--- selinux/libsemanage/include/Makefile	2011-09-09 20:12:56.001662322 +0200
+++ selinux-13092011-rebuild/libsemanage/include/Makefile	2011-09-14 02:48:23.919454058 +0200
@@ -2,6 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/semanage
 
+all:
+
 install:
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	install -m 644 $(wildcard semanage/*.h) $(INCDIR)
--- selinux-13092011-rebuild2/libselinux/man/Makefile	2011-09-14 03:04:28.573741936 +0200
+++ selinux-13092011-rebuild/libselinux/man/Makefile	2011-09-14 02:56:26.626528998 +0200
@@ -4,6 +4,8 @@ MAN3DIR ?= $(PREFIX)/share/man/man3
 MAN5DIR ?= $(PREFIX)/share/man/man5
 MAN8DIR ?= $(PREFIX)/share/man/man8
 
+all:
+
 install:
 	mkdir -p $(MAN3DIR)
 	mkdir -p $(MAN5DIR)
--- selinux-13092011-rebuild2/libsepol/man/Makefile	2011-09-14 03:04:36.648799423 +0200
+++ selinux-13092011-rebuild/libsepol/man/Makefile	2011-09-14 02:57:38.237986215 +0200
@@ -3,6 +3,8 @@ PREFIX ?= $(DESTDIR)/usr
 MAN3DIR ?= $(PREFIX)/share/man/man3
 MAN8DIR ?= $(PREFIX)/share/man/man8
 
+all:
+
 install:
 	mkdir -p $(MAN3DIR)
 	mkdir -p $(MAN8DIR)
--- selinux-13092011-rebuild2/libsemanage/man/Makefile	2011-09-14 03:04:43.361847205 +0200
+++ selinux-13092011-rebuild/libsemanage/man/Makefile	2011-09-14 02:57:24.475898336 +0200
@@ -3,6 +3,8 @@ PREFIX ?= $(DESTDIR)/usr
 MAN3DIR ?= $(PREFIX)/share/man/man3
 MAN5DIR ?= $(PREFIX)/share/man/man5
 
+all:
+
 install:
 	mkdir -p $(MAN3DIR)
 	mkdir -p $(MAN5DIR)

On Wed, 2011-09-14 at 02:44 +0200, Guido Trentalancia wrote:
> And for the reason mentioned earlier (do not install unless explicitly
> required to do so):
> 
> Change the default "make" target for sepolgen from "install" to "all".
> 
> --- selinux/sepolgen/src/sepolgen/Makefile	2011-09-09 20:12:56.080662897 +0200
> +++ selinux-13092011-rebuild/sepolgen/src/sepolgen/Makefile	2011-09-14 02:30:20.172601736 +0200
> @@ -1,7 +1,9 @@
>  PYTHONLIBDIR ?= $(shell  python -c "from distutils.sysconfig import *; print get_python_lib(1)")
>  PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
>  
> -install:
> +all:
> +
> +install: all
>  	-mkdir -p $(PACKAGEDIR)
>  	install -m 644 *.py $(PACKAGEDIR)
>  
> --- selinux/sepolgen/src/share/Makefile	2011-09-09 20:12:56.082662911 +0200
> +++ selinux-13092011-rebuild/sepolgen/src/share/Makefile	2011-09-14 02:36:02.173755672 +0200
> @@ -1,8 +1,10 @@
>  SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
>  
> -install:
> +all:
> +
> +install: all
>  	-mkdir -p $(SHAREDIR)
>  	install -m 644 perm_map $(SHAREDIR)
>  
>  clean:
> 
> Regards,
> 
> Guido
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Change default make target for the man directory of policycoreutils/mcstrans (was Re: [PATCH] Change default make target for sepolgen)

[Guido Trentalancia]

For the sake of completeness, also fix the same issue in policycoreutils
(for the currently-disabled target mcstrans):

--- selinux-13092011-rebuild2/policycoreutils/mcstrans/man/Makefile	2011-09-09 20:12:56.036662576 +0200
+++ selinux-13092011-rebuild/policycoreutils/mcstrans/man/Makefile	2011-09-14 03:11:39.994807156 +0200
@@ -1,6 +1,8 @@
 # Installation directories.
 MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
 
+all:
+
 install:
 	mkdir -p $(MAN8DIR)
 	install -m 644 man8/*.8 $(MAN8DIR)

On Wed, 2011-09-14 at 03:10 +0200, Guido Trentalancia wrote:
> And similarly for the "include" and "man" directories available for the
> libraries:
> 
> Change the default "make" target for the libraries from "install" to
> "all" in *all* makefiles.
> 
> --- selinux/libselinux/include/Makefile	2011-09-09 20:12:55.981662183 +0200
> +++ selinux-13092011-rebuild/libselinux/include/Makefile	2011-09-14 02:48:03.159322088 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/selinux
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	install -m 644 $(wildcard selinux/*.h) $(INCDIR)
> --- selinux/libsepol/include/Makefile	2011-09-09 20:12:56.018662447 +0200
> +++ selinux-13092011-rebuild/libsepol/include/Makefile	2011-09-14 02:48:39.183551143 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/sepol
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
> --- selinux/libsemanage/include/Makefile	2011-09-09 20:12:56.001662322 +0200
> +++ selinux-13092011-rebuild/libsemanage/include/Makefile	2011-09-14 02:48:23.919454058 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/semanage
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	install -m 644 $(wildcard semanage/*.h) $(INCDIR)
> --- selinux-13092011-rebuild2/libselinux/man/Makefile	2011-09-14 03:04:28.573741936 +0200
> +++ selinux-13092011-rebuild/libselinux/man/Makefile	2011-09-14 02:56:26.626528998 +0200
> @@ -4,6 +4,8 @@ MAN3DIR ?= $(PREFIX)/share/man/man3
>  MAN5DIR ?= $(PREFIX)/share/man/man5
>  MAN8DIR ?= $(PREFIX)/share/man/man8
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN5DIR)
> --- selinux-13092011-rebuild2/libsepol/man/Makefile	2011-09-14 03:04:36.648799423 +0200
> +++ selinux-13092011-rebuild/libsepol/man/Makefile	2011-09-14 02:57:38.237986215 +0200
> @@ -3,6 +3,8 @@ PREFIX ?= $(DESTDIR)/usr
>  MAN3DIR ?= $(PREFIX)/share/man/man3
>  MAN8DIR ?= $(PREFIX)/share/man/man8
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN8DIR)
> --- selinux-13092011-rebuild2/libsemanage/man/Makefile	2011-09-14 03:04:43.361847205 +0200
> +++ selinux-13092011-rebuild/libsemanage/man/Makefile	2011-09-14 02:57:24.475898336 +0200
> @@ -3,6 +3,8 @@ PREFIX ?= $(DESTDIR)/usr
>  MAN3DIR ?= $(PREFIX)/share/man/man3
>  MAN5DIR ?= $(PREFIX)/share/man/man5
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN5DIR)
> 
> On Wed, 2011-09-14 at 02:44 +0200, Guido Trentalancia wrote:
> > And for the reason mentioned earlier (do not install unless explicitly
> > required to do so):
> > 
> > Change the default "make" target for sepolgen from "install" to "all".
> > 
> > --- selinux/sepolgen/src/sepolgen/Makefile	2011-09-09 20:12:56.080662897 +0200
> > +++ selinux-13092011-rebuild/sepolgen/src/sepolgen/Makefile	2011-09-14 02:30:20.172601736 +0200
> > @@ -1,7 +1,9 @@
> >  PYTHONLIBDIR ?= $(shell  python -c "from distutils.sysconfig import *; print get_python_lib(1)")
> >  PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
> >  
> > -install:
> > +all:
> > +
> > +install: all
> >  	-mkdir -p $(PACKAGEDIR)
> >  	install -m 644 *.py $(PACKAGEDIR)
> >  
> > --- selinux/sepolgen/src/share/Makefile	2011-09-09 20:12:56.082662911 +0200
> > +++ selinux-13092011-rebuild/sepolgen/src/share/Makefile	2011-09-14 02:36:02.173755672 +0200
> > @@ -1,8 +1,10 @@
> >  SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
> >  
> > -install:
> > +all:
> > +
> > +install: all
> >  	-mkdir -p $(SHAREDIR)
> >  	install -m 644 perm_map $(SHAREDIR)
> >  
> >  clean:
> > 
> > Regards,
> > 
> > Guido
> > 
> > 
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > the words "unsubscribe selinux" without quotes as the message.
> > 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v4] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Wed, 2011-09-14 at 00:05 +0200, Guido Trentalancia wrote:
> Hello Eric !
> 
> On Tue, 2011-09-13 at 16:26 -0400, Eric Paris wrote:
> > Personally, I'd like to see just 'make' at the top level dir build
> > properly and I think your patches get us most of the way there without
> > (further) breaking the building method that sds prefers.
> > 
> > If you get your best patch which does nothing but allow us to just type
> > 'make' at the top level dir and it builds everything properly in place,
> > I'll review and probably commit such a patch.
> 
> Yes, let's get to the point. The latest version of the patch that you
> should test is attached below. Please note that it also changes the
> creation of symbolic links to shared libraries (needs to be
> double-checked for correctness).
> 
> diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
> --- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> +++ selinux-13092011/checkpolicy/Makefile	2011-09-13 02:58:19.314224502 +0200
> @@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
>  CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
>  CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
>  
> -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  GENERATED=lex.yy.c y.tab.c y.tab.h

The above will break when building checkpolicy separately.  Ditto for
the other components that need to reference a static lib.  I think this
is why we didn't go down this path previously.

BTW, your patch wouldn't quite compile as is for me even aside from this
issue; you don't seem to have defined LIBDIR in
policycoreutils/restorecond/Makefile before using it.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Change default make target for sepolgen (was Re: [PATCH v4] Fix includes for userspace tools and libraries)

[Eric Paris]

On Wed, 2011-09-14 at 02:44 +0200, Guido Trentalancia wrote:
> And for the reason mentioned earlier (do not install unless explicitly
> required to do so):
> 
> Change the default "make" target for sepolgen from "install" to "all".

I've squashed them together and then added a version of these 3 patches
to my devel tree.  Thank you!

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Fix function arguments in libsemanage tests (was Re: [PATCH v4] Fix includes for userspace tools and libraries)

[Eric Paris]

On Wed, 2011-09-14 at 01:33 +0200, Guido Trentalancia wrote:
> Another possible improvement could be as follows (libsemanag):
> 
> Fix a few calls to semanage_store_access_check() in the libsemanage
> tests so that a void function is called.

Please in the future include a line which looks something like the
following at the end of the comments with all patches you wish to have
committed:

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>

The purpose of this line is to indicate that you have the rights to
contribute this code to the project and that you agree to license the
code according to the license(s) of the file(s) that the patch will be
applied to.

I prefer patches in the format like the linux kernel: 
https://github.com/torvalds/linux/blob/master/Documentation/SubmittingPatches

Basically that entails the subject line of the e-mail is the short
description of the patch (nothing extra except inside the [])

The body should be a complete description of what change you made and in
particular why.  You should mention testing and things like that as
well.

The signed-off-by line.
The last line of the changelog should be just --- (at the beginning of
the line)

After the --- line include the patch.

thanks so much!

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

Hello Stephen.

On Wed, 2011-09-14 at 08:56 -0400, Stephen Smalley wrote:
> On Wed, 2011-09-14 at 00:05 +0200, Guido Trentalancia wrote:
> > Hello Eric !
> > 
> > On Tue, 2011-09-13 at 16:26 -0400, Eric Paris wrote:
> > > Personally, I'd like to see just 'make' at the top level dir build
> > > properly and I think your patches get us most of the way there without
> > > (further) breaking the building method that sds prefers.
> > > 
> > > If you get your best patch which does nothing but allow us to just type
> > > 'make' at the top level dir and it builds everything properly in place,
> > > I'll review and probably commit such a patch.
> > 
> > Yes, let's get to the point. The latest version of the patch that you
> > should test is attached below. Please note that it also changes the
> > creation of symbolic links to shared libraries (needs to be
> > double-checked for correctness).
> > 
> > diff -pruN selinux/checkpolicy/Makefile selinux-13092011/checkpolicy/Makefile
> > --- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> > +++ selinux-13092011/checkpolicy/Makefile	2011-09-13 02:58:19.314224502 +0200
> > @@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
> >  CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
> >  CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
> >  
> > -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> > +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
> >  
> >  GENERATED=lex.yy.c y.tab.c y.tab.h
> 
> The above will break when building checkpolicy separately.  

Yes it will. But it also avoids linking an existing old static library
when building from the whole git bundle.

Before creating each release of the separate components, that piece of
patch could be reverted or otherwise a script could invoke sed on the
affected Makefiles.

> Ditto for
> the other components that need to reference a static lib.  I think this
> is why we didn't go down this path previously.

See above: reverting a patch or running sed

> BTW, your patch wouldn't quite compile as is for me even aside from this
> issue; you don't seem to have defined LIBDIR in
> policycoreutils/restorecond/Makefile before using it.

You're right. It needs a fix. It wasn't showing up here because I was
passing LIBDIR from the environment, therefore that was getting passed
at each "make" recursion. Thanks very much for pointint that out.

Here is a revised patch:

diff -pruN selinux/checkpolicy/Makefile selinux-13092011-patch-v5/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-13092011-patch-v5/checkpolicy/Makefile	2011-09-15 04:25:47.863171377 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux/checkpolicy/test/Makefile selinux-13092011-patch-v5/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-13092011-patch-v5/checkpolicy/test/Makefile	2011-09-15 04:25:47.863171377 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux/libselinux/src/Makefile selinux-13092011-patch-v5/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-13092011-patch-v5/libselinux/src/Makefile	2011-09-15 04:25:47.909171785 +0200
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pruN selinux/libsemanage/src/Makefile selinux-13092011-patch-v5/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-13092011-patch-v5/libsemanage/src/Makefile	2011-09-15 04:25:47.956172204 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pruN selinux/libsepol/src/Makefile selinux-13092011-patch-v5/libsepol/src/Makefile
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-13092011-patch-v5/libsepol/src/Makefile	2011-09-15 04:25:48.012172702 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	cd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
diff -pruN selinux/Makefile selinux-13092011-patch-v5/Makefile
--- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-13092011-patch-v5/Makefile	2011-09-15 04:25:48.012172702 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-13092011-patch-v5/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-13092011-patch-v5/policycoreutils/audit2allow/Makefile	2011-09-15 04:25:48.069173246 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-13092011-patch-v5/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011-patch-v5/policycoreutils/audit2why/Makefile	2011-09-15 04:25:48.135173776 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-13092011-patch-v5/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-13092011-patch-v5/policycoreutils/load_policy/Makefile	2011-09-15 04:25:48.177174157 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-13092011-patch-v5/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-13092011-patch-v5/policycoreutils/mcstrans/src/Makefile	2011-09-15 04:25:48.216174517 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-13092011-patch-v5/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011-patch-v5/policycoreutils/mcstrans/utils/Makefile	2011-09-15 04:25:48.216174517 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/newrole/Makefile selinux-13092011-patch-v5/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-13092011-patch-v5/policycoreutils/newrole/Makefile	2011-09-15 04:25:48.264174953 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile	2011-09-15 04:28:03.435365416 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pruN selinux/policycoreutils/run_init/Makefile selinux-13092011-patch-v5/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-13092011-patch-v5/policycoreutils/run_init/Makefile	2011-09-15 04:25:48.372175901 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-13092011-patch-v5/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-13092011-patch-v5/policycoreutils/sandbox/Makefile	2011-09-15 04:25:48.448176563 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng 
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-13092011-patch-v5/policycoreutils/scripts/genhomedircon.8
--- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011-patch-v5/policycoreutils/scripts/genhomedircon.8	2011-09-15 04:25:48.516177230 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
 .SH NAME
 genhomedircon \- generate SELinux file context configuration entries for user home directories
 .SH SYNOPSIS
 .B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
 
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
 
 .SH AUTHOR
 This manual page was written by
 .I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)
diff -pruN selinux/policycoreutils/scripts/Makefile selinux-13092011-patch-v5/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-13092011-patch-v5/policycoreutils/scripts/Makefile	2011-09-15 04:25:48.573177727 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
@@ -11,7 +11,10 @@ install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
-	install -m 755 genhomedircon  $(SBINDIR)
+	@echo "#!/bin/sh" > genhomedircon
+	@echo >> genhomedircon
+	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+	install -m 755 genhomedircon $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux/policycoreutils/secon/Makefile selinux-13092011-patch-v5/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011-patch-v5/policycoreutils/secon/Makefile	2011-09-15 04:25:48.573177727 +0200
@@ -1,9 +1,9 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
diff -pruN selinux/policycoreutils/semanage/Makefile selinux-13092011-patch-v5/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semanage/Makefile	2011-09-15 04:25:48.573177727 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pruN selinux/policycoreutils/semodule/Makefile selinux-13092011-patch-v5/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule/Makefile	2011-09-15 04:25:48.574177731 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_deps/Makefile	2011-09-15 04:25:48.574177731 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_expand/Makefile	2011-09-15 04:25:48.574177731 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_link/Makefile	2011-09-15 04:25:48.574177731 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-13092011-patch-v5/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/semodule_package/Makefile	2011-09-15 04:25:48.575177734 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-13092011-patch-v5/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-13092011-patch-v5/policycoreutils/sestatus/Makefile	2011-09-15 04:25:48.575177734 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-13092011-patch-v5/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011-patch-v5/policycoreutils/setfiles/Makefile	2011-09-15 04:25:48.575177734 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-13092011-patch-v5/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-13092011-patch-v5/policycoreutils/setsebool/Makefile	2011-09-15 04:25:48.575177734 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/README selinux-13092011-patch-v5/README
--- selinux/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-13092011-patch-v5/README	2011-09-15 04:25:48.576177737 +0200
@@ -0,0 +1,20 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+The environment variable DESTDIR can be passed to "make" in order to configure a
+specific directory to be used as the root installation directory.
+
+Please see the Makefile(s) for other environment variables that can be used.

Or for Eric, if he only needs the relative diff, here it is:

diff -pruN selinux-13092011-patch-v4/policycoreutils/restorecond/Makefile selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile
--- selinux-13092011-patch-v4/policycoreutils/restorecond/Makefile	2011-09-15 04:35:48.832312253 +0200
+++ selinux-13092011-patch-v5/policycoreutils/restorecond/Makefile	2011-09-15 04:28:03.435365416 +0200
@@ -2,6 +2,7 @@
 PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
 INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
 SELINUXDIR ?= $(DESTDIR)/etc/selinux

I wish to remind you once again that the proposed solution for creating
the links to the versioned shared libraries has not been fully
tested/agreed yet.

In fact, as Stephen pointed out there is a risk that using absolute
symbolic linking instead of relative symbolic linking could actually
result in broken links being distributed in binary packages (i.e.
pointing to the full path on the build system).

Regards,

Guido



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH v5] Fix makefiles for the userspace tools and libraries

[Guido Trentalancia]

Hello Eric,

you are right about the signature and about conforming to the official
patch style and guidelines. I just wanted to discuss things first.

There are still at least two issues that need to be further discussed:

- link creation to versioned shared libraries executables (directory
SHLIBDIR versus LIBDIR and relative versus absolute linking so that it
does not break distribution build scripts and resulting packages);
- creation of individual released components getting broken because a
few SELinux static libraries are now linked in from local sources
instead of from existing system-wide versions.

I can sign and repost the whole thing, but I have now removed the diff
relative to the symbolic link creation:

***

This is a maintenance patch for further testing. It potentially replaces
any other patch previously posted in this same and/or other recent
threads.

Make sure that the SELinux userspace libraries and tools bundle from the
git repository can be built from scratch without requiring existing
SELinux installations (in particular header files) by exploiting the
CURDIR variable (provided by the make tool itself) in the top-level
Makefile only.

Create a top-level README file which is intended to provide a few
details about some of the possible environment variables that can be
configured and passed to the make tool.

Do not hard-code the path to semodule in the genhomedircon script but
rather generate it each time by using PREFIX. Improve the manual page
for genhomedircon.

Replace curly brackets with parentheses for some variables such as
DESTDIR and PREFIX in the Makefiles. Add and make use of LIBDIR and
INCLUDEDIR where appropriate within the Makefiles. Make use of PREFIX
for determining the value of LOCALEDIR within some of the Makefiles. Do
not override the environment variables passed from the command-line for
some of the Makefiles.

Change the default target for *all* Makefiles (even the "hidden" ones)
to "all" from "install", as we cannot install anything without the user
*explicitly* requiring it.

This patch no longer tackles a possible installation issue (creation of
symbolic links to shared libraries using a wrong target file and in a
possibly wrong directory for libselinux, libsepol and libsemanage)
because it needs further discussion/testing/acknowledgement.

Please note that this patch might break the creation of separate
components distributables (i.e. released components) unless parts of
this patch (i.e. linkage of the local version of some static libraries
in certain executables) are reverted (for example by reverting a patch
created for the purpose or by running sed). Use the make_release.sh
script on a cloned tree before creating the released archives. The
original behavior has been modified because otherwise it might create a
really unwanted and even potentially dangerous sort of "cache" when
building the whole userspace SELinux from top-level (a previously-built
static library is used instead of the very latest one) .

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>

---
diff -pruN selinux/checkpolicy/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/Makefile
--- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/Makefile	2011-09-15 05:19:34.850414982 +0200
@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux/checkpolicy/test/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/test/Makefile
--- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/test/Makefile	2011-09-15 05:19:34.850414982 +0200
@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux/libselinux/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/include/Makefile
--- selinux/libselinux/include/Makefile	2011-09-09 20:12:55.981662183 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/include/Makefile	2011-09-15 05:21:20.957262156 +0200
@@ -2,6 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/selinux
 
+all:
+
 install:
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	install -m 644 $(wildcard selinux/*.h) $(INCDIR)
diff -pruN selinux/libselinux/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/man/Makefile
--- selinux/libselinux/man/Makefile	2011-09-09 20:12:55.982662190 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/man/Makefile	2011-09-15 05:21:20.959262094 +0200
@@ -3,6 +3,8 @@ MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
 MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
 MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
 
+all:
+
 install:
 	mkdir -p $(MAN3DIR)
 	mkdir -p $(MAN5DIR)
diff -pruN selinux/libselinux/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/src/Makefile
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/src/Makefile	2011-09-15 05:19:34.857415057 +0200
@@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
diff -pruN selinux/libsemanage/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/include/Makefile
--- selinux/libsemanage/include/Makefile	2011-09-09 20:12:56.001662322 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/include/Makefile	2011-09-15 05:21:20.957262156 +0200
@@ -2,6 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/semanage
 
+all:
+
 install:
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	install -m 644 $(wildcard semanage/*.h) $(INCDIR)
diff -pruN selinux/libsemanage/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/man/Makefile
--- selinux/libsemanage/man/Makefile	2011-09-09 20:12:56.003662337 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/man/Makefile	2011-09-15 05:21:20.959262094 +0200
@@ -1,6 +1,8 @@
 # Installation directories.
 MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
 
+all:
+
 install:
 	mkdir -p $(MAN3DIR)
 	install -m 644 man3/*.3 $(MAN3DIR)
diff -pruN selinux/libsemanage/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/src/Makefile
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/src/Makefile	2011-09-15 05:19:34.858415064 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
diff -pruN selinux/libsepol/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/include/Makefile
--- selinux/libsepol/include/Makefile	2011-09-09 20:12:56.018662447 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/include/Makefile	2011-09-15 05:21:20.957262156 +0200
@@ -2,6 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/sepol
 
+all:
+
 install:
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
diff -pruN selinux/libsepol/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/man/Makefile
--- selinux/libsepol/man/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/man/Makefile	2011-09-15 05:21:20.959262094 +0200
@@ -2,6 +2,8 @@
 MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
 MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
 
+all:
+
 install:
 	mkdir -p $(MAN3DIR)
 	mkdir -p $(MAN8DIR)
diff -pruN selinux/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/Makefile
--- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/Makefile	2011-09-15 05:19:34.858415064 +0200
@@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux/make_release.sh selinux-14092011-patch-v5-do-not-modify-library-link-creation/make_release.sh
--- selinux/make_release.sh	1970-01-01 01:00:00.000000000 +0100
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/make_release.sh	2011-09-15 06:05:41.463331729 +0200
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libselinux/src/Makefile
+sed -i 's/\.\.\/src\/libsemanage\.a/\-L\$(LIBDIR)\/libsemanage.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/\.\.\/libselinux\/src\/libselinux\.a/\-L\$(LIBDIR)\/libselinux\.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/test/Makefile
+sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/utils/Makefile
+sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/src/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/semodule_deps/Makefile
diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2allow/Makefile
--- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2allow/Makefile	2011-09-15 05:19:34.858415064 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2why/Makefile
--- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2why/Makefile	2011-09-15 05:19:34.858415064 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/load_policy/Makefile
--- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/load_policy/Makefile	2011-09-15 05:19:34.859415071 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/mcstrans/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/man/Makefile
--- selinux/policycoreutils/mcstrans/man/Makefile	2011-09-09 20:12:56.036662576 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/man/Makefile	2011-09-15 05:20:35.371897173 +0200
@@ -1,6 +1,8 @@
 # Installation directories.
 MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
 
+all:
+
 install:
 	mkdir -p $(MAN8DIR)
 	install -m 644 man8/*.8 $(MAN8DIR)
diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/src/Makefile
--- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/src/Makefile	2011-09-15 05:19:34.859415071 +0200
@@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/utils/Makefile
--- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/utils/Makefile	2011-09-15 05:19:34.859415071 +0200
@@ -21,7 +21,7 @@ endif
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux/policycoreutils/newrole/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/newrole/Makefile
--- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/newrole/Makefile	2011-09-15 05:19:34.859415071 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/restorecond/Makefile
--- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/restorecond/Makefile	2011-09-15 05:19:34.860415079 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pruN selinux/policycoreutils/run_init/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/run_init/Makefile
--- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/run_init/Makefile	2011-09-15 05:19:34.860415079 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sandbox/Makefile
--- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sandbox/Makefile	2011-09-15 05:19:34.860415079 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lcap-ng 
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/genhomedircon.8
--- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/genhomedircon.8	2011-09-15 05:19:34.860415079 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
 .SH NAME
 genhomedircon \- generate SELinux file context configuration entries for user home directories
 .SH SYNOPSIS
 .B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
 
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
 
 .SH AUTHOR
 This manual page was written by
 .I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)
diff -pruN selinux/policycoreutils/scripts/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/Makefile
--- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/Makefile	2011-09-15 05:19:34.861415088 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
@@ -11,7 +11,10 @@ install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
-	install -m 755 genhomedircon  $(SBINDIR)
+	@echo "#!/bin/sh" > genhomedircon
+	@echo >> genhomedircon
+	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+	install -m 755 genhomedircon $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux/policycoreutils/secon/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/secon/Makefile
--- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/secon/Makefile	2011-09-15 05:19:34.861415088 +0200
@@ -1,9 +1,9 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
diff -pruN selinux/policycoreutils/semanage/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semanage/Makefile
--- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semanage/Makefile	2011-09-15 05:19:34.861415088 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pruN selinux/policycoreutils/semodule/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule/Makefile
--- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule/Makefile	2011-09-15 05:19:34.862415096 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_deps/Makefile
--- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_deps/Makefile	2011-09-15 05:19:34.862415096 +0200
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = ../../libsepol/src/libsepol.a
 
 all: semodule_deps
 
diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_expand/Makefile
--- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_expand/Makefile	2011-09-15 05:19:34.862415096 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_link/Makefile
--- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_link/Makefile	2011-09-15 05:19:34.862415096 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_package/Makefile
--- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_package/Makefile	2011-09-15 05:19:34.863415104 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sestatus/Makefile
--- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sestatus/Makefile	2011-09-15 05:19:34.863415104 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setfiles/Makefile
--- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setfiles/Makefile	2011-09-15 05:19:34.863415104 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setsebool/Makefile
--- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setsebool/Makefile	2011-09-15 05:19:34.863415104 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux/README selinux-14092011-patch-v5-do-not-modify-library-link-creation/README
--- selinux/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/README	2011-09-15 05:19:34.864415112 +0200
@@ -0,0 +1,20 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+The environment variable DESTDIR can be passed to "make" in order to configure a
+specific directory to be used as the root installation directory.
+
+Please see the Makefile(s) for other environment variables that can be used.
diff -pruN selinux/sepolgen/src/sepolgen/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/sepolgen/Makefile
--- selinux/sepolgen/src/sepolgen/Makefile	2011-09-09 20:12:56.080662897 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/sepolgen/Makefile	2011-09-15 05:20:22.403798789 +0200
@@ -1,7 +1,9 @@
 PYTHONLIBDIR ?= $(shell  python -c "from distutils.sysconfig import *; print get_python_lib(1)")
 PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
 
-install:
+all:
+
+install: all
 	-mkdir -p $(PACKAGEDIR)
 	install -m 644 *.py $(PACKAGEDIR)
 
diff -pruN selinux/sepolgen/src/share/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/share/Makefile
--- selinux/sepolgen/src/share/Makefile	2011-09-09 20:12:56.082662911 +0200
+++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/share/Makefile	2011-09-15 05:20:22.404798727 +0200
@@ -1,6 +1,8 @@
 SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
 
-install:
+all:
+
+install: all
 	-mkdir -p $(SHAREDIR)
 	install -m 644 perm_map $(SHAREDIR)
 
After the above patch, other patches are pending: semanage.conf manual
page (might no longer apply cleanly), libsemanage test fix function's
arguments.

Regards,

Guido

On Wed, 2011-09-14 at 15:31 -0400, Eric Paris wrote:
> On Wed, 2011-09-14 at 01:33 +0200, Guido Trentalancia wrote:
> > Another possible improvement could be as follows (libsemanag):
> > 
> > Fix a few calls to semanage_store_access_check() in the libsemanage
> > tests so that a void function is called.
> 
> Please in the future include a line which looks something like the
> following at the end of the comments with all patches you wish to have
> committed:
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> 
> The purpose of this line is to indicate that you have the rights to
> contribute this code to the project and that you agree to license the
> code according to the license(s) of the file(s) that the patch will be
> applied to.
> 
> I prefer patches in the format like the linux kernel: 
> https://github.com/torvalds/linux/blob/master/Documentation/SubmittingPatches
> 
> Basically that entails the subject line of the e-mail is the short
> description of the patch (nothing extra except inside the [])
> 
> The body should be a complete description of what change you made and in
> particular why.  You should mention testing and things like that as
> well.
> 
> The signed-off-by line.
> The last line of the changelog should be just --- (at the beginning of
> the line)
> 
> After the --- line include the patch.
> 
> thanks so much!
> 
> -Eric
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Fix symbolic link creation for the userspace libraries

[Guido Trentalancia]

Eric,

if you really want to use the modified shared library link creation,
then please use one amongst the two following patches, so that at least
it also gets rid of "cd" in favor of "pushd/popd":

- first version of the patch: single link creation in SHLIBDIR rather
than in LIBDIR (with the executable in SHLIBDIR);
- second version of the patch: double link creation (in SHLIBDIR and
also in LIBDIR with the executable in SHLIBDIR);

The first version of the patch might break the link creation for some
distributions (as Stephen predicted and as you confirmed, i.e. leads to
build failure on distributions that do not independently recreate the
symbolic link but rather rely on the original one being in LIBDIR).

The second version of the patch (creation of two links) should not
interfere with the build process from different vendors. At this point
this is the only version which is possibly recommended and in fact it is
the only one which is signed. It still needs testing before eventually
getting committed.

SINGLE (might interfere with the proper creation of a symbolic link in
distributed packages)

Not-signed - Not-recommended

diff -pruN selinux-orig/libselinux/src/Makefile selinux-fix-library-symlink-creation/libselinux/src/Makefile
--- selinux-orig/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-fix-library-symlink-creation/libselinux/src/Makefile	2011-09-15 10:23:09.476450309 +0200
@@ -126,7 +126,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
diff -pruN selinux-orig/libsemanage/src/Makefile selinux-fix-library-symlink-creation/libsemanage/src/Makefile
--- selinux-orig/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-fix-library-symlink-creation/libsemanage/src/Makefile	2011-09-15 10:23:22.244545681 +0200
@@ -139,7 +139,7 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
diff -pruN selinux-orig/libsepol/src/Makefile selinux-fix-library-symlink-creation/libsepol/src/Makefile
--- selinux-orig/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-fix-library-symlink-creation/libsepol/src/Makefile	2011-09-15 10:23:35.519644366 +0200
@@ -43,7 +43,7 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)

DOUBLE (possibly recommended version)

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>

---
--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-14092011-fix-library-double-symlink-creation/libselinux/src/Makefile	2011-09-15 10:51:50.720619457 +0200
@@ -126,7 +126,8 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	pushd $(LIBDIR) && ln -sf $(SHLIBDIR)/$(LIBSO) $(TARGET) && popd
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-14092011-fix-library-double-symlink-creation/libsepol/src/Makefile	2011-09-15 10:52:23.139869859 +0200
@@ -43,7 +43,8 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	pushd $(LIBDIR) && ln -sf $(SHLIBDIR)/$(LIBSO) $(TARGET) && popd
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-14092011-fix-library-double-symlink-creation/libsemanage/src/Makefile	2011-09-15 10:53:01.131163131 +0200
@@ -139,7 +139,8 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	pushd $(LIBDIR) && ln -sf $(SHLIBDIR)/$(LIBSO) $(TARGET) && popd
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages

The second version is always recommended over the first (that's also why
it is the only one that is actually signed). It still needs further
testing.

Regards,

Guido

On Thu, 2011-09-15 at 06:40 +0200, Guido Trentalancia wrote:
> Hello Eric,
> 
> you are right about the signature and about conforming to the official
> patch style and guidelines. I just wanted to discuss things first.
> 
> There are still at least two issues that need to be further discussed:
> 
> - link creation to versioned shared libraries executables (directory
> SHLIBDIR versus LIBDIR and relative versus absolute linking so that it
> does not break distribution build scripts and resulting packages);
> - creation of individual released components getting broken because a
> few SELinux static libraries are now linked in from local sources
> instead of from existing system-wide versions.
> 
> I can sign and repost the whole thing, but I have now removed the diff
> relative to the symbolic link creation:
> 
> ***
> 
> This is a maintenance patch for further testing. It potentially replaces
> any other patch previously posted in this same and/or other recent
> threads.
> 
> Make sure that the SELinux userspace libraries and tools bundle from the
> git repository can be built from scratch without requiring existing
> SELinux installations (in particular header files) by exploiting the
> CURDIR variable (provided by the make tool itself) in the top-level
> Makefile only.
> 
> Create a top-level README file which is intended to provide a few
> details about some of the possible environment variables that can be
> configured and passed to the make tool.
> 
> Do not hard-code the path to semodule in the genhomedircon script but
> rather generate it each time by using PREFIX. Improve the manual page
> for genhomedircon.
> 
> Replace curly brackets with parentheses for some variables such as
> DESTDIR and PREFIX in the Makefiles. Add and make use of LIBDIR and
> INCLUDEDIR where appropriate within the Makefiles. Make use of PREFIX
> for determining the value of LOCALEDIR within some of the Makefiles. Do
> not override the environment variables passed from the command-line for
> some of the Makefiles.
> 
> Change the default target for *all* Makefiles (even the "hidden" ones)
> to "all" from "install", as we cannot install anything without the user
> *explicitly* requiring it.
> 
> This patch no longer tackles a possible installation issue (creation of
> symbolic links to shared libraries using a wrong target file and in a
> possibly wrong directory for libselinux, libsepol and libsemanage)
> because it needs further discussion/testing/acknowledgement.
> 
> Please note that this patch might break the creation of separate
> components distributables (i.e. released components) unless parts of
> this patch (i.e. linkage of the local version of some static libraries
> in certain executables) are reverted (for example by reverting a patch
> created for the purpose or by running sed). Use the make_release.sh
> script on a cloned tree before creating the released archives. The
> original behavior has been modified because otherwise it might create a
> really unwanted and even potentially dangerous sort of "cache" when
> building the whole userspace SELinux from top-level (a previously-built
> static library is used instead of the very latest one) .
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> 
> ---
> diff -pruN selinux/checkpolicy/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/Makefile
> --- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/Makefile	2011-09-15 05:19:34.850414982 +0200
> @@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
>  CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
>  CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
>  
> -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  GENERATED=lex.yy.c y.tab.c y.tab.h
>  
> diff -pruN selinux/checkpolicy/test/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/test/Makefile
> --- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/test/Makefile	2011-09-15 05:19:34.850414982 +0200
> @@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
>  CFLAGS ?= -g -Wall -O2 -pipe
>  override CFLAGS += -I$(INCLUDEDIR)
>  
> -LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
> +LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  all: dispol dismod
>  
> diff -pruN selinux/libselinux/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/include/Makefile
> --- selinux/libselinux/include/Makefile	2011-09-09 20:12:55.981662183 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/include/Makefile	2011-09-15 05:21:20.957262156 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/selinux
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	install -m 644 $(wildcard selinux/*.h) $(INCDIR)
> diff -pruN selinux/libselinux/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/man/Makefile
> --- selinux/libselinux/man/Makefile	2011-09-09 20:12:55.982662190 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/man/Makefile	2011-09-15 05:21:20.959262094 +0200
> @@ -3,6 +3,8 @@ MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>  MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
>  MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN5DIR)
> diff -pruN selinux/libselinux/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/src/Makefile
> --- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/src/Makefile	2011-09-15 05:19:34.857415057 +0200
> @@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
>  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
>  
>  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
>  
>  %.o:  %.c policy.h
>  	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
> diff -pruN selinux/libsemanage/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/include/Makefile
> --- selinux/libsemanage/include/Makefile	2011-09-09 20:12:56.001662322 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/include/Makefile	2011-09-15 05:21:20.957262156 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/semanage
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	install -m 644 $(wildcard semanage/*.h) $(INCDIR)
> diff -pruN selinux/libsemanage/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/man/Makefile
> --- selinux/libsemanage/man/Makefile	2011-09-09 20:12:56.003662337 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/man/Makefile	2011-09-15 05:21:20.959262094 +0200
> @@ -1,6 +1,8 @@
>  # Installation directories.
>  MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	install -m 644 man3/*.3 $(MAN3DIR)
> diff -pruN selinux/libsemanage/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/src/Makefile
> --- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/src/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
>  	$(RANLIB) $@
>  
>  $(LIBSO): $(LOBJS)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>  	ln -sf $@ $(TARGET)
>  
>  $(LIBPC): $(LIBPC).in
> diff -pruN selinux/libsepol/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/include/Makefile
> --- selinux/libsepol/include/Makefile	2011-09-09 20:12:56.018662447 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/include/Makefile	2011-09-15 05:21:20.957262156 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/sepol
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
> diff -pruN selinux/libsepol/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/man/Makefile
> --- selinux/libsepol/man/Makefile	2011-09-09 20:12:56.021662468 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/man/Makefile	2011-09-15 05:21:20.959262094 +0200
> @@ -2,6 +2,8 @@
>  MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>  MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN8DIR)
> diff -pruN selinux/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/Makefile
> --- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
>  DISTCLEANSUBIDRS=libselinux libsemanage
>  
>  ifeq ($(DEBUG),1)
> -	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
> -	export LDFLAGS = -g
> +	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
> +	LDFLAGS += -g
>  endif
>  
> +CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
> +LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
> +export CFLAGS
> +export LDFLAGS
> +
>  all install relabel clean test indent:
>  	@for subdir in $(SUBDIRS); do \
>  		(cd $$subdir && $(MAKE) $@) || exit 1; \
> diff -pruN selinux/make_release.sh selinux-14092011-patch-v5-do-not-modify-library-link-creation/make_release.sh
> --- selinux/make_release.sh	1970-01-01 01:00:00.000000000 +0100
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/make_release.sh	2011-09-15 06:05:41.463331729 +0200
> @@ -0,0 +1,11 @@
> +#!/bin/sh
> +
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libselinux/src/Makefile
> +sed -i 's/\.\.\/src\/libsemanage\.a/\-L\$(LIBDIR)\/libsemanage.a/g' libsemanage/tests/Makefile
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libsemanage/tests/Makefile
> +sed -i 's/\.\.\/\.\.\/libselinux\/src\/libselinux\.a/\-L\$(LIBDIR)\/libselinux\.a/g' libsemanage/tests/Makefile
> +sed -i 's/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/Makefile
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/test/Makefile
> +sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/utils/Makefile
> +sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/src/Makefile
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/semodule_deps/Makefile
> diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2allow/Makefile
> --- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2allow/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  all: ;
>  
> diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2why/Makefile
> --- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2why/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -1,5 +1,5 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
>  
> diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/load_policy/Makefile
> --- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/load_policy/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -1,13 +1,15 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(DESTDIR)/sbin
>  USRSBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> +override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lsepol -lselinux -L$(LIBDIR)
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -pruN selinux/policycoreutils/mcstrans/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/man/Makefile
> --- selinux/policycoreutils/mcstrans/man/Makefile	2011-09-09 20:12:56.036662576 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/man/Makefile	2011-09-15 05:20:35.371897173 +0200
> @@ -1,6 +1,8 @@
>  # Installation directories.
>  MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN8DIR)
>  	install -m 644 man8/*.8 $(MAN8DIR)
> diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/src/Makefile
> --- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/src/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
>  all: $(PROG)
>  
>  $(PROG): $(PROG_OBJS)
> -	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
> +	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
>  
>  %.o:  %.c 
>  	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
> diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/utils/Makefile
> --- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/utils/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -21,7 +21,7 @@ endif
>  
>  CFLAGS ?= -Wall
>  override CFLAGS += -I../src -D_GNU_SOURCE
> -LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
> +LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -pruN selinux/policycoreutils/newrole/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/newrole/Makefile
> --- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/newrole/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -1,9 +1,11 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  ETCDIR ?= $(DESTDIR)/etc
> -LOCALEDIR = /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  # Enable capabilities to permit newrole to generate audit records.
> @@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
>  
>  CFLAGS ?= -Werror -Wall -W
>  EXTRA_OBJS =
> -override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR)
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
>  	EXTRA_OBJS += hashtab.o
> diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/restorecond/Makefile
> --- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/restorecond/Makefile	2011-09-15 05:19:34.860415079 +0200
> @@ -1,13 +1,15 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -INITDIR = $(DESTDIR)/etc/rc.d/init.d
> -SELINUXDIR = $(DESTDIR)/etc/selinux
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
> +MANDIR ?= $(PREFIX)/share/man
> +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> +SELINUXDIR ?= $(DESTDIR)/etc/selinux
>  
>  CFLAGS ?= -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
> +LDLIBS += -lselinux -L$(LIBDIR)
>  
>  all: restorecond
>  
> diff -pruN selinux/policycoreutils/run_init/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/run_init/Makefile
> --- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/run_init/Makefile	2011-09-15 05:19:34.860415079 +0200
> @@ -1,16 +1,17 @@
> -
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  ETCDIR ?= $(DESTDIR)/etc
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR)
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
>  	LDLIBS += -lpam -lpam_misc
> diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sandbox/Makefile
> --- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sandbox/Makefile	2011-09-15 05:19:34.860415079 +0200
> @@ -1,14 +1,16 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> -INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
> -SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
> +PREFIX ?= $(DESTDIR)/usr
> +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
> +SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
>  BINDIR ?= $(PREFIX)/bin
>  SBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  SHAREDIR ?= $(PREFIX)/share/sandbox
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -lcap-ng 
> +override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
>  
>  all: sandbox seunshare sandboxX.sh start
>  
> diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/genhomedircon.8
> --- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/genhomedircon.8	2011-09-15 05:19:34.860415079 +0200
> @@ -1,37 +1,21 @@
> -.\" Hey, Emacs! This is an -*- nroff -*- source file.
> -.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
> -.\"
> -.\" This is free documentation; you can redistribute it and/or
> -.\" modify it under the terms of the GNU General Public License as
> -.\" published by the Free Software Foundation; either version 2 of
> -.\" the License, or (at your option) any later version.
> -.\"
> -.\" The GNU General Public License's references to "object code"
> -.\" and "executables" are to be interpreted as the output of any
> -.\" document formatting or typesetting system, including
> -.\" intermediate and printed output.
> -.\"
> -.\" This manual is distributed in the hope that it will be useful,
> -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
> -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> -.\" GNU General Public License for more details.
> -.\"
> -.\" You should have received a copy of the GNU General Public
> -.\" License along with this manual; if not, write to the Free
> -.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
> -.\" USA.
> -.\"
> -.\"
> -.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
> +.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
>  .SH NAME
>  genhomedircon \- generate SELinux file context configuration entries for user home directories
>  .SH SYNOPSIS
>  .B genhomedircon
> -is a script that executes semodule to rebuild policy and create the
> -labels for HOMEDIRS based on home directories returned by the getpw calls.
> +is a script that executes
> +.B semodule
> +to rebuild the SELinux policy and to create the
> +labels for each user home directory based on directory paths returned by calls to getpwent().
>  
> -This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
> +This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
> +(such flag can either take the value "true" or "false" and by default it is set to "true").
>  
>  .SH AUTHOR
>  This manual page was written by
>  .I Dan Walsh <dwalsh@redhat.com>
> +
> +The supporting functionality in the semanage library was written by Tresys Technology.
> +
> +.SH "SEE ALSO"
> +semodule(8), getpwent(3), getpwent_r(3)
> diff -pruN selinux/policycoreutils/scripts/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/Makefile
> --- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/Makefile	2011-09-15 05:19:34.861415088 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  SBINDIR ?= $(PREFIX)/sbin
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  all: fixfiles genhomedircon chcat
>  
> @@ -11,7 +11,10 @@ install: all
>  	-mkdir -p $(BINDIR)
>  	install -m 755 chcat $(BINDIR)
>  	install -m 755 fixfiles $(DESTDIR)/sbin
> -	install -m 755 genhomedircon  $(SBINDIR)
> +	@echo "#!/bin/sh" > genhomedircon
> +	@echo >> genhomedircon
> +	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
> +	install -m 755 genhomedircon $(SBINDIR)
>  	-mkdir -p $(MANDIR)/man8
>  	install -m 644 fixfiles.8 $(MANDIR)/man8/
>  	install -m 644 genhomedircon.8 $(MANDIR)/man8/
> diff -pruN selinux/policycoreutils/secon/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/secon/Makefile
> --- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/secon/Makefile	2011-09-15 05:19:34.861415088 +0200
> @@ -1,9 +1,9 @@
>  # secon tool - command-line context
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
>  WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
>  VERSION = $(shell cat ../VERSION)
> diff -pruN selinux/policycoreutils/semanage/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semanage/Makefile
> --- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semanage/Makefile	2011-09-15 05:19:34.861415088 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  LIBDIR ?= $(PREFIX)/lib
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> +MANDIR ?= $(PREFIX)/share/man
>  PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
>  PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
>  
> diff -pruN selinux/policycoreutils/semodule/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule/Makefile
> --- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -2,8 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_deps/Makefile
> --- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_deps/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -1,13 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = $(LIBDIR)/libsepol.a
> +LDLIBS = ../../libsepol/src/libsepol.a
>  
>  all: semodule_deps
>  
> diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_expand/Makefile
> --- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_expand/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_link/Makefile
> --- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_link/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_package/Makefile
> --- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_package/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sestatus/Makefile
> --- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sestatus/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -1,12 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
>  ETCDIR ?= $(DESTDIR)/etc
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
> -CFLAGS = -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> +CFLAGS ?= -Werror -Wall -W
> +override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
>  LDLIBS = -lselinux -L$(LIBDIR)
>  
>  all: sestatus
> diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setfiles/Makefile
> --- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setfiles/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -1,12 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(DESTDIR)/sbin
> -MANDIR = $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
>  LIBDIR ?= $(PREFIX)/lib
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
> -CFLAGS = -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include
> +CFLAGS ?= -g -Werror -Wall -W
> +override CFLAGS += -I$(INCLUDEDIR)
>  LDLIBS = -lselinux -lsepol -L$(LIBDIR)
>  
>  ifeq (${AUDITH}, /usr/include/libaudit.h)
> diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setsebool/Makefile
> --- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setsebool/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -2,8 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/README selinux-14092011-patch-v5-do-not-modify-library-link-creation/README
> --- selinux/README	1970-01-01 01:00:00.000000000 +0100
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/README	2011-09-15 05:19:34.864415112 +0200
> @@ -0,0 +1,20 @@
> +INSTALLATION:
> +
> +Type "make" to build and then "make install" to install.
> +
> +---
> +
> +The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
> +and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
> +
> +The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
> +different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
> +on 64-bit systems).
> +
> +The environment variable PREFIX can be passed to "make" in order to configure an install
> +prefix other than "/usr".
> +
> +The environment variable DESTDIR can be passed to "make" in order to configure a
> +specific directory to be used as the root installation directory.
> +
> +Please see the Makefile(s) for other environment variables that can be used.
> diff -pruN selinux/sepolgen/src/sepolgen/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/sepolgen/Makefile
> --- selinux/sepolgen/src/sepolgen/Makefile	2011-09-09 20:12:56.080662897 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/sepolgen/Makefile	2011-09-15 05:20:22.403798789 +0200
> @@ -1,7 +1,9 @@
>  PYTHONLIBDIR ?= $(shell  python -c "from distutils.sysconfig import *; print get_python_lib(1)")
>  PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
>  
> -install:
> +all:
> +
> +install: all
>  	-mkdir -p $(PACKAGEDIR)
>  	install -m 644 *.py $(PACKAGEDIR)
>  
> diff -pruN selinux/sepolgen/src/share/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/share/Makefile
> --- selinux/sepolgen/src/share/Makefile	2011-09-09 20:12:56.082662911 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/share/Makefile	2011-09-15 05:20:22.404798727 +0200
> @@ -1,6 +1,8 @@
>  SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
>  
> -install:
> +all:
> +
> +install: all
>  	-mkdir -p $(SHAREDIR)
>  	install -m 644 perm_map $(SHAREDIR)
>  
> After the above patch, other patches are pending: semanage.conf manual
> page (might no longer apply cleanly), libsemanage test fix function's
> arguments.
> 
> Regards,
> 
> Guido
> 
> On Wed, 2011-09-14 at 15:31 -0400, Eric Paris wrote:
> > On Wed, 2011-09-14 at 01:33 +0200, Guido Trentalancia wrote:
> > > Another possible improvement could be as follows (libsemanag):
> > > 
> > > Fix a few calls to semanage_store_access_check() in the libsemanage
> > > tests so that a void function is called.
> > 
> > Please in the future include a line which looks something like the
> > following at the end of the comments with all patches you wish to have
> > committed:
> > 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> > 
> > The purpose of this line is to indicate that you have the rights to
> > contribute this code to the project and that you agree to license the
> > code according to the license(s) of the file(s) that the patch will be
> > applied to.
> > 
> > I prefer patches in the format like the linux kernel: 
> > https://github.com/torvalds/linux/blob/master/Documentation/SubmittingPatches
> > 
> > Basically that entails the subject line of the e-mail is the short
> > description of the patch (nothing extra except inside the [])
> > 
> > The body should be a complete description of what change you made and in
> > particular why.  You should mention testing and things like that as
> > well.
> > 
> > The signed-off-by line.
> > The last line of the changelog should be just --- (at the beginning of
> > the line)
> > 
> > After the --- line include the patch.
> > 
> > thanks so much!
> > 
> > -Eric
> > 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH v5] Fix makefiles for the userspace tools and libraries

[Guido Trentalancia]

I just realised that the new make_release.sh script generated by the
previously attached patch contains typos (wrong compiler flag being
substituted).

I do apologize but it should be integrated with the following (manual
removal of "\-L") or otherwise passed through sed 's/\-L//g':

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>

---
--- selinux-fix-library-double-symlink-creation/make_release.sh	2011-09-15 10:30:20.923658786 +0200
+++ selinux-fix-library-double-symlink-creation-corrected/make_release.sh	2011-09-15 13:21:50.210774801 +0200
@@ -1,11 +1,11 @@
 #!/bin/sh
 
-sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libselinux/src/Makefile
-sed -i 's/\.\.\/src\/libsemanage\.a/\-L\$(LIBDIR)\/libsemanage.a/g' libsemanage/tests/Makefile
-sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libsemanage/tests/Makefile
-sed -i 's/\.\.\/\.\.\/libselinux\/src\/libselinux\.a/\-L\$(LIBDIR)\/libselinux\.a/g' libsemanage/tests/Makefile
-sed -i 's/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/Makefile
-sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/test/Makefile
-sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/utils/Makefile
-sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/src/Makefile
-sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/semodule_deps/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' libselinux/src/Makefile
+sed -i 's/\.\.\/src\/libsemanage\.a/\$(LIBDIR)\/libsemanage.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/\.\.\/libselinux\/src\/libselinux\.a/\$(LIBDIR)\/libselinux\.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' checkpolicy/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' checkpolicy/test/Makefile
+sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/utils/Makefile
+sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/src/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' policycoreutils/semodule_deps/Makefile

Thanks.

Or creation from scratch would be:

diff -pruN selinux/make_releash.sh/make_release.sh selinux-14092011-fix-library-double-symlink-creation-make_release.sh/make_release.sh
--- selinux/make_releash.sh/make_release.sh	1970-01-01 01:00:00.000000000 +0100
+++ selinux-14092011-fix-library-double-symlink-creation-make_release.sh/make_release.sh	2011-09-15 13:45:39.254430205 +0200
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' libselinux/src/Makefile
+sed -i 's/\.\.\/src\/libsemanage\.a/\$(LIBDIR)\/libsemanage.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/\.\.\/libselinux\/src\/libselinux\.a/\$(LIBDIR)\/libselinux\.a/g' libsemanage/tests/Makefile
+sed -i 's/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' checkpolicy/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' checkpolicy/test/Makefile
+sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/utils/Makefile
+sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/src/Makefile
+sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\$(LIBDIR)\/libsepol\.a/g' policycoreutils/semodule_deps/Makefile

A script which does the opposite could also be created if needed.

The same thing can be achieved in other ways too (which, for example, do
not require manual reconfiguration such as blindly substituting all the
possible relative local file paths with the absolute system-wide ones in
all makefiles).

It's intended as a starting point for sorting out the issue which arises
as a side-effect of applying the patch mentioned in the subject.

Other solutions are also welcome.

Guido

On Thu, 2011-09-15 at 06:40 +0200, Guido Trentalancia wrote:
> Hello Eric,
> 
> you are right about the signature and about conforming to the official
> patch style and guidelines. I just wanted to discuss things first.
> 
> There are still at least two issues that need to be further discussed:
> 
> - link creation to versioned shared libraries executables (directory
> SHLIBDIR versus LIBDIR and relative versus absolute linking so that it
> does not break distribution build scripts and resulting packages);
> - creation of individual released components getting broken because a
> few SELinux static libraries are now linked in from local sources
> instead of from existing system-wide versions.
> 
> I can sign and repost the whole thing, but I have now removed the diff
> relative to the symbolic link creation:
> 
> ***
> 
> This is a maintenance patch for further testing. It potentially replaces
> any other patch previously posted in this same and/or other recent
> threads.
> 
> Make sure that the SELinux userspace libraries and tools bundle from the
> git repository can be built from scratch without requiring existing
> SELinux installations (in particular header files) by exploiting the
> CURDIR variable (provided by the make tool itself) in the top-level
> Makefile only.
> 
> Create a top-level README file which is intended to provide a few
> details about some of the possible environment variables that can be
> configured and passed to the make tool.
> 
> Do not hard-code the path to semodule in the genhomedircon script but
> rather generate it each time by using PREFIX. Improve the manual page
> for genhomedircon.
> 
> Replace curly brackets with parentheses for some variables such as
> DESTDIR and PREFIX in the Makefiles. Add and make use of LIBDIR and
> INCLUDEDIR where appropriate within the Makefiles. Make use of PREFIX
> for determining the value of LOCALEDIR within some of the Makefiles. Do
> not override the environment variables passed from the command-line for
> some of the Makefiles.
> 
> Change the default target for *all* Makefiles (even the "hidden" ones)
> to "all" from "install", as we cannot install anything without the user
> *explicitly* requiring it.
> 
> This patch no longer tackles a possible installation issue (creation of
> symbolic links to shared libraries using a wrong target file and in a
> possibly wrong directory for libselinux, libsepol and libsemanage)
> because it needs further discussion/testing/acknowledgement.
> 
> Please note that this patch might break the creation of separate
> components distributables (i.e. released components) unless parts of
> this patch (i.e. linkage of the local version of some static libraries
> in certain executables) are reverted (for example by reverting a patch
> created for the purpose or by running sed). Use the make_release.sh
> script on a cloned tree before creating the released archives. The
> original behavior has been modified because otherwise it might create a
> really unwanted and even potentially dangerous sort of "cache" when
> building the whole userspace SELinux from top-level (a previously-built
> static library is used instead of the very latest one) .
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> 
> ---
> diff -pruN selinux/checkpolicy/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/Makefile
> --- selinux/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/Makefile	2011-09-15 05:19:34.850414982 +0200
> @@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
>  CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
>  CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
>  
> -LDLIBS=$(LIBDIR)/libsepol.a -lfl
> +LDLIBS=../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  GENERATED=lex.yy.c y.tab.c y.tab.h
>  
> diff -pruN selinux/checkpolicy/test/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/test/Makefile
> --- selinux/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/checkpolicy/test/Makefile	2011-09-15 05:19:34.850414982 +0200
> @@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
>  CFLAGS ?= -g -Wall -O2 -pipe
>  override CFLAGS += -I$(INCLUDEDIR)
>  
> -LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
> +LDLIBS=-lsepol -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -lfl
>  
>  all: dispol dismod
>  
> diff -pruN selinux/libselinux/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/include/Makefile
> --- selinux/libselinux/include/Makefile	2011-09-09 20:12:55.981662183 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/include/Makefile	2011-09-15 05:21:20.957262156 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/selinux
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	install -m 644 $(wildcard selinux/*.h) $(INCDIR)
> diff -pruN selinux/libselinux/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/man/Makefile
> --- selinux/libselinux/man/Makefile	2011-09-09 20:12:55.982662190 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/man/Makefile	2011-09-15 05:21:20.959262094 +0200
> @@ -3,6 +3,8 @@ MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>  MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
>  MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN5DIR)
> diff -pruN selinux/libselinux/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/src/Makefile
> --- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libselinux/src/Makefile	2011-09-15 05:19:34.857415057 +0200
> @@ -102,7 +102,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
>  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
>  
>  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ../../libsepol/src/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
>  
>  %.o:  %.c policy.h
>  	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
> diff -pruN selinux/libsemanage/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/include/Makefile
> --- selinux/libsemanage/include/Makefile	2011-09-09 20:12:56.001662322 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/include/Makefile	2011-09-15 05:21:20.957262156 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/semanage
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	install -m 644 $(wildcard semanage/*.h) $(INCDIR)
> diff -pruN selinux/libsemanage/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/man/Makefile
> --- selinux/libsemanage/man/Makefile	2011-09-09 20:12:56.003662337 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/man/Makefile	2011-09-15 05:21:20.959262094 +0200
> @@ -1,6 +1,8 @@
>  # Installation directories.
>  MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	install -m 644 man3/*.3 $(MAN3DIR)
> diff -pruN selinux/libsemanage/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/src/Makefile
> --- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsemanage/src/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
>  	$(RANLIB) $@
>  
>  $(LIBSO): $(LOBJS)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>  	ln -sf $@ $(TARGET)
>  
>  $(LIBPC): $(LIBPC).in
> diff -pruN selinux/libsepol/include/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/include/Makefile
> --- selinux/libsepol/include/Makefile	2011-09-09 20:12:56.018662447 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/include/Makefile	2011-09-15 05:21:20.957262156 +0200
> @@ -2,6 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCDIR ?= $(PREFIX)/include/sepol
>  
> +all:
> +
>  install:
>  	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>  	test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
> diff -pruN selinux/libsepol/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/man/Makefile
> --- selinux/libsepol/man/Makefile	2011-09-09 20:12:56.021662468 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/libsepol/man/Makefile	2011-09-15 05:21:20.959262094 +0200
> @@ -2,6 +2,8 @@
>  MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>  MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN3DIR)
>  	mkdir -p $(MAN8DIR)
> diff -pruN selinux/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/Makefile
> --- selinux/Makefile	2011-09-09 20:12:55.977662144 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -3,10 +3,15 @@ PYSUBDIRS=libselinux libsemanage
>  DISTCLEANSUBIDRS=libselinux libsemanage
>  
>  ifeq ($(DEBUG),1)
> -	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
> -	export LDFLAGS = -g
> +	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
> +	LDFLAGS += -g
>  endif
>  
> +CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
> +LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
> +export CFLAGS
> +export LDFLAGS
> +
>  all install relabel clean test indent:
>  	@for subdir in $(SUBDIRS); do \
>  		(cd $$subdir && $(MAKE) $@) || exit 1; \
> diff -pruN selinux/make_release.sh selinux-14092011-patch-v5-do-not-modify-library-link-creation/make_release.sh
> --- selinux/make_release.sh	1970-01-01 01:00:00.000000000 +0100
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/make_release.sh	2011-09-15 06:05:41.463331729 +0200
> @@ -0,0 +1,11 @@
> +#!/bin/sh
> +
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libselinux/src/Makefile
> +sed -i 's/\.\.\/src\/libsemanage\.a/\-L\$(LIBDIR)\/libsemanage.a/g' libsemanage/tests/Makefile
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' libsemanage/tests/Makefile
> +sed -i 's/\.\.\/\.\.\/libselinux\/src\/libselinux\.a/\-L\$(LIBDIR)\/libselinux\.a/g' libsemanage/tests/Makefile
> +sed -i 's/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/Makefile
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' checkpolicy/test/Makefile
> +sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/utils/Makefile
> +sed -i 's/\.\.\/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/mcstrans/src/Makefile
> +sed -i 's/\.\.\/\.\.\/libsepol\/src\/libsepol\.a/\-L\$(LIBDIR)\/libsepol\.a/g' policycoreutils/semodule_deps/Makefile
> diff -pruN selinux/policycoreutils/audit2allow/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2allow/Makefile
> --- selinux/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2allow/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  all: ;
>  
> diff -pruN selinux/policycoreutils/audit2why/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2why/Makefile
> --- selinux/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/audit2why/Makefile	2011-09-15 05:19:34.858415064 +0200
> @@ -1,5 +1,5 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
>  
> diff -pruN selinux/policycoreutils/load_policy/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/load_policy/Makefile
> --- selinux/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/load_policy/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -1,13 +1,15 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(DESTDIR)/sbin
>  USRSBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
> +override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lsepol -lselinux -L$(LIBDIR)
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -pruN selinux/policycoreutils/mcstrans/man/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/man/Makefile
> --- selinux/policycoreutils/mcstrans/man/Makefile	2011-09-09 20:12:56.036662576 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/man/Makefile	2011-09-15 05:20:35.371897173 +0200
> @@ -1,6 +1,8 @@
>  # Installation directories.
>  MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>  
> +all:
> +
>  install:
>  	mkdir -p $(MAN8DIR)
>  	install -m 644 man8/*.8 $(MAN8DIR)
> diff -pruN selinux/policycoreutils/mcstrans/src/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/src/Makefile
> --- selinux/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/src/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -28,7 +28,7 @@ override CFLAGS += -I../include -D_GNU_S
>  all: $(PROG)
>  
>  $(PROG): $(PROG_OBJS)
> -	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
> +	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux ../../../libsepol/src/libsepol.a -L$(LIBDIR) -lcap -lpcre
>  
>  %.o:  %.c 
>  	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
> diff -pruN selinux/policycoreutils/mcstrans/utils/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/utils/Makefile
> --- selinux/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/mcstrans/utils/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -21,7 +21,7 @@ endif
>  
>  CFLAGS ?= -Wall
>  override CFLAGS += -I../src -D_GNU_SOURCE
> -LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
> +LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre ../../../libsepol/src/libsepol.a
>  
>  TARGETS=$(patsubst %.c,%,$(wildcard *.c))
>  
> diff -pruN selinux/policycoreutils/newrole/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/newrole/Makefile
> --- selinux/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/newrole/Makefile	2011-09-15 05:19:34.859415071 +0200
> @@ -1,9 +1,11 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  ETCDIR ?= $(DESTDIR)/etc
> -LOCALEDIR = /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  # Enable capabilities to permit newrole to generate audit records.
> @@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
>  
>  CFLAGS ?= -Werror -Wall -W
>  EXTRA_OBJS =
> -override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR)
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
>  	EXTRA_OBJS += hashtab.o
> diff -pruN selinux/policycoreutils/restorecond/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/restorecond/Makefile
> --- selinux/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/restorecond/Makefile	2011-09-15 05:19:34.860415079 +0200
> @@ -1,13 +1,15 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -INITDIR = $(DESTDIR)/etc/rc.d/init.d
> -SELINUXDIR = $(DESTDIR)/etc/selinux
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
> +MANDIR ?= $(PREFIX)/share/man
> +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> +SELINUXDIR ?= $(DESTDIR)/etc/selinux
>  
>  CFLAGS ?= -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
> +LDLIBS += -lselinux -L$(LIBDIR)
>  
>  all: restorecond
>  
> diff -pruN selinux/policycoreutils/run_init/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/run_init/Makefile
> --- selinux/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/run_init/Makefile	2011-09-15 05:19:34.860415079 +0200
> @@ -1,16 +1,17 @@
> -
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  ETCDIR ?= $(DESTDIR)/etc
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
>  CFLAGS ?= -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -L$(PREFIX)/lib
> +override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR)
>  ifeq (${PAMH}, /usr/include/security/pam_appl.h)
>  	override CFLAGS += -DUSE_PAM
>  	LDLIBS += -lpam -lpam_misc
> diff -pruN selinux/policycoreutils/sandbox/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sandbox/Makefile
> --- selinux/policycoreutils/sandbox/Makefile	2011-09-09 20:12:56.073662844 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sandbox/Makefile	2011-09-15 05:19:34.860415079 +0200
> @@ -1,14 +1,16 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> -INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
> -SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
> +PREFIX ?= $(DESTDIR)/usr
> +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
> +SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
>  BINDIR ?= $(PREFIX)/bin
>  SBINDIR ?= $(PREFIX)/sbin
> +INCLUDEDIR ?= $(PREFIX)/include
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  SHAREDIR ?= $(PREFIX)/share/sandbox
> -override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
> -LDLIBS += -lselinux -lcap-ng 
> +override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\""
> +LDLIBS += -lselinux -L$(LIBDIR) -lcap-ng
>  
>  all: sandbox seunshare sandboxX.sh start
>  
> diff -pruN selinux/policycoreutils/scripts/genhomedircon.8 selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/genhomedircon.8
> --- selinux/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/genhomedircon.8	2011-09-15 05:19:34.860415079 +0200
> @@ -1,37 +1,21 @@
> -.\" Hey, Emacs! This is an -*- nroff -*- source file.
> -.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
> -.\"
> -.\" This is free documentation; you can redistribute it and/or
> -.\" modify it under the terms of the GNU General Public License as
> -.\" published by the Free Software Foundation; either version 2 of
> -.\" the License, or (at your option) any later version.
> -.\"
> -.\" The GNU General Public License's references to "object code"
> -.\" and "executables" are to be interpreted as the output of any
> -.\" document formatting or typesetting system, including
> -.\" intermediate and printed output.
> -.\"
> -.\" This manual is distributed in the hope that it will be useful,
> -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
> -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> -.\" GNU General Public License for more details.
> -.\"
> -.\" You should have received a copy of the GNU General Public
> -.\" License along with this manual; if not, write to the Free
> -.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
> -.\" USA.
> -.\"
> -.\"
> -.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
> +.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
>  .SH NAME
>  genhomedircon \- generate SELinux file context configuration entries for user home directories
>  .SH SYNOPSIS
>  .B genhomedircon
> -is a script that executes semodule to rebuild policy and create the
> -labels for HOMEDIRS based on home directories returned by the getpw calls.
> +is a script that executes
> +.B semodule
> +to rebuild the SELinux policy and to create the
> +labels for each user home directory based on directory paths returned by calls to getpwent().
>  
> -This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
> +This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
> +(such flag can either take the value "true" or "false" and by default it is set to "true").
>  
>  .SH AUTHOR
>  This manual page was written by
>  .I Dan Walsh <dwalsh@redhat.com>
> +
> +The supporting functionality in the semanage library was written by Tresys Technology.
> +
> +.SH "SEE ALSO"
> +semodule(8), getpwent(3), getpwent_r(3)
> diff -pruN selinux/policycoreutils/scripts/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/Makefile
> --- selinux/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/scripts/Makefile	2011-09-15 05:19:34.861415088 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  BINDIR ?= $(PREFIX)/bin
>  SBINDIR ?= $(PREFIX)/sbin
>  MANDIR ?= $(PREFIX)/share/man
> -LOCALEDIR ?= /usr/share/locale
> +LOCALEDIR ?= $(PREFIX)/share/locale
>  
>  all: fixfiles genhomedircon chcat
>  
> @@ -11,7 +11,10 @@ install: all
>  	-mkdir -p $(BINDIR)
>  	install -m 755 chcat $(BINDIR)
>  	install -m 755 fixfiles $(DESTDIR)/sbin
> -	install -m 755 genhomedircon  $(SBINDIR)
> +	@echo "#!/bin/sh" > genhomedircon
> +	@echo >> genhomedircon
> +	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
> +	install -m 755 genhomedircon $(SBINDIR)
>  	-mkdir -p $(MANDIR)/man8
>  	install -m 644 fixfiles.8 $(MANDIR)/man8/
>  	install -m 644 genhomedircon.8 $(MANDIR)/man8/
> diff -pruN selinux/policycoreutils/secon/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/secon/Makefile
> --- selinux/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/secon/Makefile	2011-09-15 05:19:34.861415088 +0200
> @@ -1,9 +1,9 @@
>  # secon tool - command-line context
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
>  WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
>  VERSION = $(shell cat ../VERSION)
> diff -pruN selinux/policycoreutils/semanage/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semanage/Makefile
> --- selinux/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semanage/Makefile	2011-09-15 05:19:34.861415088 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  LIBDIR ?= $(PREFIX)/lib
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> +MANDIR ?= $(PREFIX)/share/man
>  PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
>  PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
>  
> diff -pruN selinux/policycoreutils/semodule/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule/Makefile
> --- selinux/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -2,8 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/policycoreutils/semodule_deps/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_deps/Makefile
> --- selinux/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_deps/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -1,13 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> -LDLIBS = $(LIBDIR)/libsepol.a
> +LDLIBS = ../../libsepol/src/libsepol.a
>  
>  all: semodule_deps
>  
> diff -pruN selinux/policycoreutils/semodule_expand/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_expand/Makefile
> --- selinux/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_expand/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> diff -pruN selinux/policycoreutils/semodule_link/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_link/Makefile
> --- selinux/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_link/Makefile	2011-09-15 05:19:34.862415096 +0200
> @@ -1,9 +1,9 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
>  MANDIR ?= $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/policycoreutils/semodule_package/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_package/Makefile
> --- selinux/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/semodule_package/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -1,8 +1,8 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  BINDIR ?= $(PREFIX)/bin
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  MANDIR ?= $(PREFIX)/share/man
>  
>  CFLAGS ?= -Werror -Wall -W
> diff -pruN selinux/policycoreutils/sestatus/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sestatus/Makefile
> --- selinux/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/sestatus/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -1,12 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
>  ETCDIR ?= $(DESTDIR)/etc
> -LIBDIR ?= ${PREFIX}/lib
> +LIBDIR ?= $(PREFIX)/lib
>  
> -CFLAGS = -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
> +CFLAGS ?= -Werror -Wall -W
> +override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
>  LDLIBS = -lselinux -L$(LIBDIR)
>  
>  all: sestatus
> diff -pruN selinux/policycoreutils/setfiles/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setfiles/Makefile
> --- selinux/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setfiles/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -1,12 +1,13 @@
>  # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= $(DESTDIR)/usr
>  SBINDIR ?= $(DESTDIR)/sbin
> -MANDIR = $(PREFIX)/share/man
> +INCLUDEDIR ?= $(PREFIX)/include
> +MANDIR ?= $(PREFIX)/share/man
>  LIBDIR ?= $(PREFIX)/lib
>  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
>  
> -CFLAGS = -g -Werror -Wall -W
> -override CFLAGS += -I$(PREFIX)/include
> +CFLAGS ?= -g -Werror -Wall -W
> +override CFLAGS += -I$(INCLUDEDIR)
>  LDLIBS = -lselinux -lsepol -L$(LIBDIR)
>  
>  ifeq (${AUDITH}, /usr/include/libaudit.h)
> diff -pruN selinux/policycoreutils/setsebool/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setsebool/Makefile
> --- selinux/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/policycoreutils/setsebool/Makefile	2011-09-15 05:19:34.863415104 +0200
> @@ -2,8 +2,8 @@
>  PREFIX ?= $(DESTDIR)/usr
>  INCLUDEDIR ?= $(PREFIX)/include
>  SBINDIR ?= $(PREFIX)/sbin
> -MANDIR = $(PREFIX)/share/man
> -LIBDIR ?= ${PREFIX}/lib
> +MANDIR ?= $(PREFIX)/share/man
> +LIBDIR ?= $(PREFIX)/lib
>  
>  CFLAGS ?= -Werror -Wall -W
>  override CFLAGS += -I$(INCLUDEDIR)
> diff -pruN selinux/README selinux-14092011-patch-v5-do-not-modify-library-link-creation/README
> --- selinux/README	1970-01-01 01:00:00.000000000 +0100
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/README	2011-09-15 05:19:34.864415112 +0200
> @@ -0,0 +1,20 @@
> +INSTALLATION:
> +
> +Type "make" to build and then "make install" to install.
> +
> +---
> +
> +The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
> +and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
> +
> +The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
> +different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
> +on 64-bit systems).
> +
> +The environment variable PREFIX can be passed to "make" in order to configure an install
> +prefix other than "/usr".
> +
> +The environment variable DESTDIR can be passed to "make" in order to configure a
> +specific directory to be used as the root installation directory.
> +
> +Please see the Makefile(s) for other environment variables that can be used.
> diff -pruN selinux/sepolgen/src/sepolgen/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/sepolgen/Makefile
> --- selinux/sepolgen/src/sepolgen/Makefile	2011-09-09 20:12:56.080662897 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/sepolgen/Makefile	2011-09-15 05:20:22.403798789 +0200
> @@ -1,7 +1,9 @@
>  PYTHONLIBDIR ?= $(shell  python -c "from distutils.sysconfig import *; print get_python_lib(1)")
>  PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
>  
> -install:
> +all:
> +
> +install: all
>  	-mkdir -p $(PACKAGEDIR)
>  	install -m 644 *.py $(PACKAGEDIR)
>  
> diff -pruN selinux/sepolgen/src/share/Makefile selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/share/Makefile
> --- selinux/sepolgen/src/share/Makefile	2011-09-09 20:12:56.082662911 +0200
> +++ selinux-14092011-patch-v5-do-not-modify-library-link-creation/sepolgen/src/share/Makefile	2011-09-15 05:20:22.404798727 +0200
> @@ -1,6 +1,8 @@
>  SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
>  
> -install:
> +all:
> +
> +install: all
>  	-mkdir -p $(SHAREDIR)
>  	install -m 644 perm_map $(SHAREDIR)
>  
> After the above patch, other patches are pending: semanage.conf manual
> page (might no longer apply cleanly), libsemanage test fix function's
> arguments.
> 
> Regards,
> 
> Guido
> 
> On Wed, 2011-09-14 at 15:31 -0400, Eric Paris wrote:
> > On Wed, 2011-09-14 at 01:33 +0200, Guido Trentalancia wrote:
> > > Another possible improvement could be as follows (libsemanag):
> > > 
> > > Fix a few calls to semanage_store_access_check() in the libsemanage
> > > tests so that a void function is called.
> > 
> > Please in the future include a line which looks something like the
> > following at the end of the comments with all patches you wish to have
> > committed:
> > 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> > 
> > The purpose of this line is to indicate that you have the rights to
> > contribute this code to the project and that you agree to license the
> > code according to the license(s) of the file(s) that the patch will be
> > applied to.
> > 
> > I prefer patches in the format like the linux kernel: 
> > https://github.com/torvalds/linux/blob/master/Documentation/SubmittingPatches
> > 
> > Basically that entails the subject line of the e-mail is the short
> > description of the patch (nothing extra except inside the [])
> > 
> > The body should be a complete description of what change you made and in
> > particular why.  You should mention testing and things like that as
> > well.
> > 
> > The signed-off-by line.
> > The last line of the changelog should be just --- (at the beginning of
> > the line)
> > 
> > After the --- line include the patch.
> > 
> > thanks so much!
> > 
> > -Eric
> > 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
> 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Thu, 2011-09-15 at 04:44 +0200, Guido Trentalancia wrote:
> > The above will break when building checkpolicy separately.  
> 
> Yes it will. But it also avoids linking an existing old static library
> when building from the whole git bundle.

You can already avoid that problem by building with make DESTDIR=~/out
install (which will then install libsepol.a under ~/out/usr/lib and use
it rather than the system one when linking subsequent libraries and
programs), so our current build procedure isn't broken, just the newly
proposed one.

> Before creating each release of the separate components, that piece of
> patch could be reverted or otherwise a script could invoke sed on the
> affected Makefiles.

I don't see that as a maintainable solution.  What other upstream
projects patch their Makefiles before release and thus ship a different
set of Makefiles than the ones they are using themselves for testing?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

Hi Stephen.

On Thu, 2011-09-15 at 08:56 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 04:44 +0200, Guido Trentalancia wrote:
> > > The above will break when building checkpolicy separately.  
> > 
> > Yes it will. But it also avoids linking an existing old static library
> > when building from the whole git bundle.
> 
> You can already avoid that problem by building with make DESTDIR=~/out
> install (which will then install libsepol.a under ~/out/usr/lib and use
> it rather than the system one when linking subsequent libraries and
> programs), so our current build procedure isn't broken, just the newly
> proposed one.

What you suggest is:

make DESTDIR=~/out install

which is equivalent to:

make DESTDIR=/opt/out (for those whom do not have the tilde ~ handy on
their keyboads)

which results in an error caused by wrong compiler link flags being used
by the current SELinux userspace build system (wrong shared library path
to be more precise, i.e. wrong path after -L flag):

...
make -C src install
make[2]: Entering directory
`/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
cc -O3 -march=corei7 -mtune=corei7 -fPIC -I../include
-I/opt/out/usr/include -D_GNU_SOURCE   -shared -o libsemanage.so.1
utilities.lo user_extra_record.lo modules.lo boolean_record.lo
ports_file.lo interfaces_file.lo interfaces_local.lo seuser_record.lo
user_base_record.lo booleans_file.lo genhomedircon.lo fcontexts_file.lo
booleans_local.lo database_llist.lo parse_utils.lo nodes_policydb.lo
policy_components.lo users_extra_file.lo debug.lo fcontext_record.lo
database_file.lo seusers_file.lo fcontexts_local.lo ports_local.lo
direct_api.lo seusers_local.lo context_record.lo nodes_file.lo
port_record.lo users_base_policydb.lo semanage_store.lo
users_base_file.lo fcontexts_policy.lo booleans_activedb.lo
users_policy.lo handle.lo booleans_policydb.lo nodes_local.lo
interfaces_policy.lo database.lo users_local.lo ports_policy.lo
booleans_active.lo nodes_policy.lo booleans_policy.lo users_join.lo
user_record.lo seusers_policy.lo database_join.lo database_activedb.lo
ports_policydb.lo interfaces_policydb.lo database_policydb.lo
iface_record.lo node_record.lo conf-scan.lo conf-parse.lo -lsepol
-lselinux -lbz2 -lustr -L/usr/lib64/
-Wl,-soname,libsemanage.so.1,--version-script=libsemanage.map,-z,defs
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.1/../../../../x86_64-unknown-linux-gnu/bin/ld: /usr/lib64//libselinux.a(selinux_config.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
/usr/lib64//libselinux.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make[2]: *** [libsemanage.so.1] Error 1
make[2]: Leaving directory
`/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
make[1]: *** [install] Error 2
make[1]: Leaving directory
`/usr/src/selinux-userspace/git/selinux-test/libsemanage'
make: *** [install] Error 1

It is sourcing dynamic libraries from /usr/lib64 or in other words from
LIBDIR, while you would expect it to source dynamic libraries
from /opt/out/usr/lib64 (or ~/out/usr/lib64 for the lucky ones that have
the tilde on their keyboard).

> > Before creating each release of the separate components, that piece of
> > patch could be reverted or otherwise a script could invoke sed on the
> > affected Makefiles.
> 
> I don't see that as a maintainable solution.  What other upstream
> projects patch their Makefiles before release and thus ship a different
> set of Makefiles than the ones they are using themselves for testing?

No other project that I am aware of is going to patch the Makefile
before releasing versions out. But also no other project that I am aware
of is releasing individual components from a unique repository base.

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Thu, 2011-09-15 at 18:04 +0200, Guido Trentalancia wrote:
> which results in an error caused by wrong compiler link flags being used
> by the current SELinux userspace build system (wrong shared library path
> to be more precise, i.e. wrong path after -L flag):
> 
> ...
> make -C src install
> make[2]: Entering directory
> `/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
> cc -O3 -march=corei7 -mtune=corei7 -fPIC -I../include
> -I/opt/out/usr/include -D_GNU_SOURCE   -shared -o libsemanage.so.1
> utilities.lo user_extra_record.lo modules.lo boolean_record.lo
> ports_file.lo interfaces_file.lo interfaces_local.lo seuser_record.lo
> user_base_record.lo booleans_file.lo genhomedircon.lo fcontexts_file.lo
> booleans_local.lo database_llist.lo parse_utils.lo nodes_policydb.lo
> policy_components.lo users_extra_file.lo debug.lo fcontext_record.lo
> database_file.lo seusers_file.lo fcontexts_local.lo ports_local.lo
> direct_api.lo seusers_local.lo context_record.lo nodes_file.lo
> port_record.lo users_base_policydb.lo semanage_store.lo
> users_base_file.lo fcontexts_policy.lo booleans_activedb.lo
> users_policy.lo handle.lo booleans_policydb.lo nodes_local.lo
> interfaces_policy.lo database.lo users_local.lo ports_policy.lo
> booleans_active.lo nodes_policy.lo booleans_policy.lo users_join.lo
> user_record.lo seusers_policy.lo database_join.lo database_activedb.lo
> ports_policydb.lo interfaces_policydb.lo database_policydb.lo
> iface_record.lo node_record.lo conf-scan.lo conf-parse.lo -lsepol
> -lselinux -lbz2 -lustr -L/usr/lib64/
> -Wl,-soname,libsemanage.so.1,--version-script=libsemanage.map,-z,defs
> /usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.1/../../../../x86_64-unknown-linux-gnu/bin/ld: /usr/lib64//libselinux.a(selinux_config.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
> /usr/lib64//libselinux.a: could not read symbols: Bad value
> collect2: ld returned 1 exit status
> make[2]: *** [libsemanage.so.1] Error 1
> make[2]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
> make[1]: *** [install] Error 2
> make[1]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-test/libsemanage'
> make: *** [install] Error 1
> 
> It is sourcing dynamic libraries from /usr/lib64 or in other words from
> LIBDIR, while you would expect it to source dynamic libraries
> from /opt/out/usr/lib64 (or ~/out/usr/lib64 for the lucky ones that have
> the tilde on their keyboard).

Is that with your patched tree?  Because I don't get that error, and it
doesn't make sense based on my reading of the current
libsemanage/src/Makefile and how it sets LIBDIR based on DESTDIR.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

Hello Stephen.

On Thu, 2011-09-15 at 12:35 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 18:04 +0200, Guido Trentalancia wrote:
> > which results in an error caused by wrong compiler link flags being used
> > by the current SELinux userspace build system (wrong shared library path
> > to be more precise, i.e. wrong path after -L flag):
> > 
> > ...
> > make -C src install
> > make[2]: Entering directory
> > `/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
> > cc -O3 -march=corei7 -mtune=corei7 -fPIC -I../include
> > -I/opt/out/usr/include -D_GNU_SOURCE   -shared -o libsemanage.so.1
> > utilities.lo user_extra_record.lo modules.lo boolean_record.lo
> > ports_file.lo interfaces_file.lo interfaces_local.lo seuser_record.lo
> > user_base_record.lo booleans_file.lo genhomedircon.lo fcontexts_file.lo
> > booleans_local.lo database_llist.lo parse_utils.lo nodes_policydb.lo
> > policy_components.lo users_extra_file.lo debug.lo fcontext_record.lo
> > database_file.lo seusers_file.lo fcontexts_local.lo ports_local.lo
> > direct_api.lo seusers_local.lo context_record.lo nodes_file.lo
> > port_record.lo users_base_policydb.lo semanage_store.lo
> > users_base_file.lo fcontexts_policy.lo booleans_activedb.lo
> > users_policy.lo handle.lo booleans_policydb.lo nodes_local.lo
> > interfaces_policy.lo database.lo users_local.lo ports_policy.lo
> > booleans_active.lo nodes_policy.lo booleans_policy.lo users_join.lo
> > user_record.lo seusers_policy.lo database_join.lo database_activedb.lo
> > ports_policydb.lo interfaces_policydb.lo database_policydb.lo
> > iface_record.lo node_record.lo conf-scan.lo conf-parse.lo -lsepol
> > -lselinux -lbz2 -lustr -L/usr/lib64/
> > -Wl,-soname,libsemanage.so.1,--version-script=libsemanage.map,-z,defs
> > /usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.1/../../../../x86_64-unknown-linux-gnu/bin/ld: /usr/lib64//libselinux.a(selinux_config.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
> > /usr/lib64//libselinux.a: could not read symbols: Bad value
> > collect2: ld returned 1 exit status
> > make[2]: *** [libsemanage.so.1] Error 1
> > make[2]: Leaving directory
> > `/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
> > make[1]: *** [install] Error 2
> > make[1]: Leaving directory
> > `/usr/src/selinux-userspace/git/selinux-test/libsemanage'
> > make: *** [install] Error 1
> > 
> > It is sourcing dynamic libraries from /usr/lib64 or in other words from
> > LIBDIR, while you would expect it to source dynamic libraries
> > from /opt/out/usr/lib64 (or ~/out/usr/lib64 for the lucky ones that have
> > the tilde on their keyboard).
> 
> Is that with your patched tree?  

Nope, with original from git.

With my patch everything works all right. Otherwise why did I create the
patch in the first place ??

> Because I don't get that error, and it
> doesn't make sense based on my reading of the current
> libsemanage/src/Makefile and how it sets LIBDIR based on DESTDIR.

I only forgot to mention the flags that I used:

CFLAGS="-O3 -march=corei7 -mtune=corei7" LIBDIR=/usr/lib64
SHLIBDIR=/usr/lib64 DESTDIR=/opt/out make install

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Eric Paris]

On Thu, 2011-09-15 at 18:04 +0200, Guido Trentalancia wrote:

> ...
> make -C src install
> make[2]: Entering directory
> `/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
> cc -O3 -march=corei7 -mtune=corei7 -fPIC -I../include
> -I/opt/out/usr/include -D_GNU_SOURCE   -shared -o libsemanage.so.1
> utilities.lo user_extra_record.lo modules.lo boolean_record.lo
> ports_file.lo interfaces_file.lo interfaces_local.lo seuser_record.lo
> user_base_record.lo booleans_file.lo genhomedircon.lo fcontexts_file.lo
> booleans_local.lo database_llist.lo parse_utils.lo nodes_policydb.lo
> policy_components.lo users_extra_file.lo debug.lo fcontext_record.lo
> database_file.lo seusers_file.lo fcontexts_local.lo ports_local.lo
> direct_api.lo seusers_local.lo context_record.lo nodes_file.lo
> port_record.lo users_base_policydb.lo semanage_store.lo
> users_base_file.lo fcontexts_policy.lo booleans_activedb.lo
> users_policy.lo handle.lo booleans_policydb.lo nodes_local.lo
> interfaces_policy.lo database.lo users_local.lo ports_policy.lo
> booleans_active.lo nodes_policy.lo booleans_policy.lo users_join.lo
> user_record.lo seusers_policy.lo database_join.lo database_activedb.lo
> ports_policydb.lo interfaces_policydb.lo database_policydb.lo
> iface_record.lo node_record.lo conf-scan.lo conf-parse.lo -lsepol
> -lselinux -lbz2 -lustr -L/usr/lib64/
> -Wl,-soname,libsemanage.so.1,--version-script=libsemanage.map,-z,defs
> /usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.1/../../../../x86_64-unknown-linux-gnu/bin/ld: /usr/lib64//libselinux.a(selinux_config.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
> /usr/lib64//libselinux.a: could not read symbols: Bad value
> collect2: ld returned 1 exit status
> make[2]: *** [libsemanage.so.1] Error 1
> make[2]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-test/libsemanage/src'
> make[1]: *** [install] Error 2
> make[1]: Leaving directory
> `/usr/src/selinux-userspace/git/selinux-test/libsemanage'
> make: *** [install] Error 1


My patch 1/2 from yesterday fixes this problem with the current upstream
master branch.

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Thu, 2011-09-15 at 19:03 +0200, Guido Trentalancia wrote:
> Nope, with original from git.
> 
> With my patch everything works all right. Otherwise why did I create the
> patch in the first place ??

I don't know.  As I've said, make DESTDIR=~/out install worked fine
until recently, and with Eric's patch 1/2 to fix up the recent breakage
of the libselinux Makefile and my just-posted patch for the sandbox
Makefile, I can once again do a make DESTDIR=~/out install on a system
without the system -devel packages.

> I only forgot to mention the flags that I used:
> 
> CFLAGS="-O3 -march=corei7 -mtune=corei7" LIBDIR=/usr/lib64
> SHLIBDIR=/usr/lib64 DESTDIR=/opt/out make install

So it is picking up the wrong libs because you told it to do so by
separately specifying incompatible DESTDIR and LIBDIR/SHLIBDIR
definitions.  Either only specify DESTDIR and let it automatically
derive LIBDIR/SHLIBDIR underneath, or specify them all with the same
prefix.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Guido Trentalancia]

On Thu, 2011-09-15 at 13:16 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 19:03 +0200, Guido Trentalancia wrote:
> > Nope, with original from git.
> > 
> > With my patch everything works all right. Otherwise why did I create the
> > patch in the first place ??
> 
> I don't know.  As I've said, make DESTDIR=~/out install worked fine
> until recently, and with Eric's patch 1/2 to fix up the recent breakage
> of the libselinux Makefile and my just-posted patch for the sandbox
> Makefile, I can once again do a make DESTDIR=~/out install on a system
> without the system -devel packages.
> 
> > I only forgot to mention the flags that I used:
> > 
> > CFLAGS="-O3 -march=corei7 -mtune=corei7" LIBDIR=/usr/lib64
> > SHLIBDIR=/usr/lib64 DESTDIR=/opt/out make install
> 
> So it is picking up the wrong libs because you told it to do so by
> separately specifying incompatible DESTDIR and LIBDIR/SHLIBDIR
> definitions.  Either only specify DESTDIR and let it automatically
> derive LIBDIR/SHLIBDIR underneath, or specify them all with the same
> prefix.

My requirements are that I am on a 64-bit system and therefore I
need/want to distiguish between "lib" and "lib64". I do not need/care
about distinguishing between SHLIBDIR and LIBDIR. I am fine either
without a DESTDIR or with a DESTDIR as you suggested (both are
problematic).

And it breaks again after that...

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries (and possible security issue)

[Stephen Smalley]

On Thu, 2011-09-15 at 19:26 +0200, Guido Trentalancia wrote:
> My requirements are that I am on a 64-bit system and therefore I
> need/want to distiguish between "lib" and "lib64". I do not need/care
> about distinguishing between SHLIBDIR and LIBDIR. I am fine either
> without a DESTDIR or with a DESTDIR as you suggested (both are
> problematic).

rm -rf ~/out
make DESTDIR=~/out install
rm -rf ~/out
make DESTDIR=~/out LIBDIR=~/out/usr/lib64 SHLIBDIR=~/out/lib64 install

Both work fine for me with current selinux git master branch + Eric's
patch 1/2 libselinux + my policycoreutils sandbox patch.

> And it breaks again after that...

You'd have to show where it fails.  It seems to work for me and Eric.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries

[Guido Trentalancia]

On Thu, 2011-09-15 at 14:14 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 19:26 +0200, Guido Trentalancia wrote:
> > My requirements are that I am on a 64-bit system and therefore I
> > need/want to distiguish between "lib" and "lib64". I do not need/care
> > about distinguishing between SHLIBDIR and LIBDIR. I am fine either
> > without a DESTDIR or with a DESTDIR as you suggested (both are
> > problematic).
> 
> rm -rf ~/out
> make DESTDIR=~/out install

> rm -rf ~/out
> make DESTDIR=~/out LIBDIR=~/out/usr/lib64 SHLIBDIR=~/out/lib64 install

I did hit other issues too. Lesson learned was: add -lbz2 -lustr to
LDLIBS in policycoreutils/{semodule,setsebool}/Makefile and replace =
with ?= in checkpolicy/test/Makefile

Unfortunately none of the above is exactly what I am looking for...

I am looking to install directly under the root live filesystem. So
DESTDIR is not going to be used in my specific case. And I need
LIBDIR=SHLIBDIR=/usr/lib64. Also, I'd like to first type "make" to build
only and then type "make install" to get things installed.

rm -rf /usr/include/selinux/ ; rm -rf /usr/include/semanage/ ; rm
-rf /usr/include/sepol/ ; rm -f /usr/lib64/libsepol.* ; rm
-f /usr/lib64/libsemanage.* ; CFLAGS="-O3 -march=corei7 -mtune=corei7"
LIBDIR=/usr/lib64 SHLIBDIR=/usr/lib64 make install

Works with "install" target only with latest git. So it is not possible
to build only first and then install.

> Both work fine for me with current selinux git master branch + Eric's
> patch 1/2 libselinux + my policycoreutils sandbox patch.
> 
> > And it breaks again after that...
> 
> You'd have to show where it fails.  It seems to work for me and Eric.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries

[Guido Trentalancia]

On Thu, 2011-09-15 at 14:14 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 19:26 +0200, Guido Trentalancia wrote:
> > My requirements are that I am on a 64-bit system and therefore I
> > need/want to distiguish between "lib" and "lib64". I do not need/care
> > about distinguishing between SHLIBDIR and LIBDIR. I am fine either
> > without a DESTDIR or with a DESTDIR as you suggested (both are
> > problematic).
> 
> rm -rf ~/out
> make DESTDIR=~/out install
> rm -rf ~/out
> make DESTDIR=~/out LIBDIR=~/out/usr/lib64 SHLIBDIR=~/out/lib64 install
> 
> Both work fine for me with current selinux git master branch + Eric's
> patch 1/2 libselinux + my policycoreutils sandbox patch.
> 
> > And it breaks again after that...
> 
> You'd have to show where it fails.  It seems to work for me and Eric.

With the original git the breakage is as follows (simple "make" with
default target which is not "install"):

(missing libsepol header when compiling libselinux):

cc -O3 -march=corei7 -mtune=corei7 -I../include -I/usr/include
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64   -c -o load_policy.o load_policy.c
load_policy.c:14:25: fatal error: sepol/sepol.h: No such file or
directory

and from then on, it is a long series of failures:

(missing libsepol header when compiling libsemanage)
(missing libselinux header when compiling libsemanage)
(missing libsepol header when compiling checkpolicy)
(missing libsepol static lib when linking checkpolicy)
(missing libsepol header when compiling under checkpolicy/test)
(missing libsepol header when compiling policycoreutils/setfiles)
(missing libselinux header when compiling policycoreutils/setfiles)
(same as previous two for policycoreutils/load_policy)
(missing libselinux header for newrole)
(missing libselinux header for run_init)
(same as above for sandbox)
(same as above for secon)
(same as above for sestatus)
(missing libsepol header for semodule_package)
(missing libsemanage header for semodule)
(missing libsepol header for semodule_link)
(missing libsepol header for semodule_expand)
(missing libsepol static lib for semodule_deps)
...

Only if "install" target is forced, then it works. That's why I still
believe the patch is worth.

It is not normal that an installation is mandatory for building a
package...

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries

[Stephen Smalley]

On Thu, 2011-09-15 at 21:12 +0200, Guido Trentalancia wrote:
> I did hit other issues too. Lesson learned was: add -lbz2 -lustr to
> LDLIBS in policycoreutils/{semodule,setsebool}/Makefile and replace =
> with ?= in checkpolicy/test/Makefile
> 
> Unfortunately none of the above is exactly what I am looking for...
> 
> I am looking to install directly under the root live filesystem. So
> DESTDIR is not going to be used in my specific case. And I need
> LIBDIR=SHLIBDIR=/usr/lib64. Also, I'd like to first type "make" to build
> only and then type "make install" to get things installed.
> 
> rm -rf /usr/include/selinux/ ; rm -rf /usr/include/semanage/ ; rm
> -rf /usr/include/sepol/ ; rm -f /usr/lib64/libsepol.* ; rm
> -f /usr/lib64/libsemanage.* ; CFLAGS="-O3 -march=corei7 -mtune=corei7"
> LIBDIR=/usr/lib64 SHLIBDIR=/usr/lib64 make install
> 
> Works with "install" target only with latest git. So it is not possible
> to build only first and then install.

Yes, if you want that, you'll need further changes.  But rather than
changing the component Makefiles in a manner that won't work for
separate builds, how about defining some top-level variables and using
them throughout, with conditional definitions (?=) within the individual
Makefiles so that the separate builds still work.  Like the following
(incomplete, but gives the idea):

diff --git a/Makefile b/Makefile
index 09c2c1e..f68a2b2 100644
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,10 @@ ifeq ($(DEBUG),1)
 	export LDFLAGS = -g
 endif
 
+export LIBSEPOLSTATIC=$(CURDIR)/libsepol/src/libsepol.a
+export EXTRA_INCLUDES=-I$(CURDIR)/libsepol/include -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsemanage/include
+export EXTRA_LIBS=-L$(CURDIR)/libsepol/src -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsemanage/src
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 7680008..4651616 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -7,7 +7,8 @@ PYPREFIX ?= $(notdir $(PYTHON))
 # Installation directories.
 PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(PREFIX)/lib
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
+SHLIBDIR ?= $(DESTDIR)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
 PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
@@ -54,7 +55,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
 OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
 RANLIB=ranlib
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
@@ -102,7 +103,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index d9120c0..44962e6 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
 LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
 CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
 
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
+override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE 
 RANLIB=ranlib
 
 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr $(EXTRA_LIBS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries

[Guido Trentalancia]

Hello Stephen.

On Thu, 2011-09-15 at 16:00 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 21:12 +0200, Guido Trentalancia wrote:
> > I did hit other issues too. Lesson learned was: add -lbz2 -lustr to
> > LDLIBS in policycoreutils/{semodule,setsebool}/Makefile and replace =
> > with ?= in checkpolicy/test/Makefile
> > 
> > Unfortunately none of the above is exactly what I am looking for...
> > 
> > I am looking to install directly under the root live filesystem. So
> > DESTDIR is not going to be used in my specific case. And I need
> > LIBDIR=SHLIBDIR=/usr/lib64. Also, I'd like to first type "make" to build
> > only and then type "make install" to get things installed.
> > 
> > rm -rf /usr/include/selinux/ ; rm -rf /usr/include/semanage/ ; rm
> > -rf /usr/include/sepol/ ; rm -f /usr/lib64/libsepol.* ; rm
> > -f /usr/lib64/libsemanage.* ; CFLAGS="-O3 -march=corei7 -mtune=corei7"
> > LIBDIR=/usr/lib64 SHLIBDIR=/usr/lib64 make install
> > 
> > Works with "install" target only with latest git. So it is not possible
> > to build only first and then install.
> 
> Yes, if you want that, you'll need further changes.  

It's not me specifically wanting that, I think...

> But rather than
> changing the component Makefiles in a manner that won't work for
> separate builds, how about defining some top-level variables and using
> them throughout, with conditional definitions (?=) within the individual
> Makefiles so that the separate builds still work.  Like the following
> (incomplete, but gives the idea):
> 
> diff --git a/Makefile b/Makefile
> index 09c2c1e..f68a2b2 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -7,6 +7,10 @@ ifeq ($(DEBUG),1)
>  	export LDFLAGS = -g
>  endif
>  
> +export LIBSEPOLSTATIC=$(CURDIR)/libsepol/src/libsepol.a
> +export EXTRA_INCLUDES=-I$(CURDIR)/libsepol/include -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsemanage/include
> +export EXTRA_LIBS=-L$(CURDIR)/libsepol/src -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsemanage/src

Yes, I like the idea. I would only really change EXTRA to LOCAL for
better readability.

>  all install relabel clean test indent:
>  	@for subdir in $(SUBDIRS); do \
>  		(cd $$subdir && $(MAKE) $@) || exit 1; \
> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> index 7680008..4651616 100644
> --- a/libselinux/src/Makefile
> +++ b/libselinux/src/Makefile
> @@ -7,7 +7,8 @@ PYPREFIX ?= $(notdir $(PYTHON))
>  # Installation directories.
>  PREFIX ?= $(DESTDIR)/usr
>  LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(PREFIX)/lib
> +LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a

Hopefully the above won't override the exported one from top-level...

> +SHLIBDIR ?= $(DESTDIR)/lib
>  INCLUDEDIR ?= $(PREFIX)/include
>  PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
>  PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
> @@ -54,7 +55,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
>  OBJS= $(patsubst %.c,%.o,$(SRCS))
>  LOBJS= $(patsubst %.c,%.lo,$(SRCS))
>  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
> -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> +override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)

It seems to me that you are giving the precedence to the system-wide
includes. We want the EXTRA/LOCAL ones to have precedence over the
system-wide ones, with the fall-back only for released components (which
won't have EXTRA/LOCAL passed to them from a top-level Makefile).

>  RANLIB=ranlib
>  
>  ARCH := $(patsubst i%86,i386,$(shell uname -m))
> @@ -102,7 +103,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
>  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
>  
>  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -Wl,-soname,$@

As long as the locally-defined LIBSEPOLSTATIC did not override the
top-level exported one for builds from the whole git bundle (see
above)...

>  %.o:  %.c policy.h
>  	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
> diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
> index d9120c0..44962e6 100644
> --- a/libsemanage/src/Makefile
> +++ b/libsemanage/src/Makefile
> @@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
>  LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
>  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
>  
> -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
> +override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE 

See above for precedence of flags (search order).

>  RANLIB=ranlib
>  
>  SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
> @@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
>  	$(RANLIB) $@
>  
>  $(LIBSO): $(LOBJS)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr $(EXTRA_LIBS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs

You already reminded me that the order does not matter to ld, I hope the
same is true for cpp and -I (see above).

>  	ln -sf $@ $(TARGET)
>  
>  $(LIBPC): $(LIBPC).in

If you decide to go for this solution there might be other minor things
from my original patch that might be worth importing.

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries

[Stephen Smalley]

On Thu, 2011-09-15 at 22:32 +0200, Guido Trentalancia wrote:
> > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> > index 7680008..4651616 100644
> > --- a/libselinux/src/Makefile
> > +++ b/libselinux/src/Makefile
> > @@ -7,7 +7,8 @@ PYPREFIX ?= $(notdir $(PYTHON))
> >  # Installation directories.
> >  PREFIX ?= $(DESTDIR)/usr
> >  LIBDIR ?= $(PREFIX)/lib
> > -SHLIBDIR ?= $(PREFIX)/lib
> > +LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
> 
> Hopefully the above won't override the exported one from top-level...

It won't, because we use the ?= operator above.  So it will take effect
if building in the libselinux directory, as for a per-package build, not
if building from top-level.

> > @@ -54,7 +55,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
> >  OBJS= $(patsubst %.c,%.o,$(SRCS))
> >  LOBJS= $(patsubst %.c,%.lo,$(SRCS))
> >  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
> > -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> > +override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> 
> It seems to me that you are giving the precedence to the system-wide
> includes. We want the EXTRA/LOCAL ones to have precedence over the
> system-wide ones, with the fall-back only for released components (which
> won't have EXTRA/LOCAL passed to them from a top-level Makefile).

See the description of -I in the man page for gcc.  The above will have
the desired effect.

> > @@ -102,7 +103,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
> >  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
> >  
> >  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> > -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> > +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -Wl,-soname,$@
> 
> As long as the locally-defined LIBSEPOLSTATIC did not override the
> top-level exported one for builds from the whole git bundle (see
> above)...

It won't.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v5] Fix includes for userspace tools and libraries

[Guido Trentalancia]

On Fri, 2011-09-16 at 08:39 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 22:32 +0200, Guido Trentalancia wrote:
> > > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> > > index 7680008..4651616 100644
> > > --- a/libselinux/src/Makefile
> > > +++ b/libselinux/src/Makefile
> > > @@ -7,7 +7,8 @@ PYPREFIX ?= $(notdir $(PYTHON))
> > >  # Installation directories.
> > >  PREFIX ?= $(DESTDIR)/usr
> > >  LIBDIR ?= $(PREFIX)/lib
> > > -SHLIBDIR ?= $(PREFIX)/lib
> > > +LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
> > 
> > Hopefully the above won't override the exported one from top-level...
> 
> It won't, because we use the ?= operator above.  So it will take effect
> if building in the libselinux directory, as for a per-package build, not
> if building from top-level.
> 
> > > @@ -54,7 +55,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
> > >  OBJS= $(patsubst %.c,%.o,$(SRCS))
> > >  LOBJS= $(patsubst %.c,%.lo,$(SRCS))
> > >  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
> > > -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> > > +override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> > 
> > It seems to me that you are giving the precedence to the system-wide
> > includes. We want the EXTRA/LOCAL ones to have precedence over the
> > system-wide ones, with the fall-back only for released components (which
> > won't have EXTRA/LOCAL passed to them from a top-level Makefile).
> 
> See the description of -I in the man page for gcc.  The above will have
> the desired effect.
> 
> > > @@ -102,7 +103,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
> > >  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
> > >  
> > >  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> > > -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> > > +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -Wl,-soname,$@
> > 
> > As long as the locally-defined LIBSEPOLSTATIC did not override the
> > top-level exported one for builds from the whole git bundle (see
> > above)...
> 
> It won't.

Yes, excellent, let's go for that then.

Guido



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH v6] Fix includes for userspace tools and libraries

[Guido Trentalancia]

Hello Stephen.

Attached below please find the latest version of the patch with your
changes introduced.

For reference, your changes were intended to add variables that define
static libraries to be used for linking. By defining the local versions
in the top-level Makefile and generic default system-wide versions in
the lower-level Makefiles, it is possible to build the whole libraries
+tools bundle from git. Otherwise, it is still possible to distribute
the separate components individually from the same tree and they will
still build properly as the lower-level Makefiles still define the
system-wide static libraries for linking.

I have therefore removed the useless make_release.sh script.

I have also documented the USE_PAM build-time option for run_init in the
top-level README file. I believe a top-level README file is very
courteous and useful for this sort of notes.

Of course, I can (re)produce a better description of the patch if
needed.

diff -pruN selinux-17092011-orig/checkpolicy/Makefile selinux-17092011-patched-sds/checkpolicy/Makefile
--- selinux-17092011-orig/checkpolicy/Makefile	2011-09-09 20:12:55.978662153 +0200
+++ selinux-17092011-patched-sds/checkpolicy/Makefile	2011-09-17 21:52:42.220843537 +0200
@@ -6,6 +6,7 @@ BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 TARGETS = checkpolicy checkmodule
 
 YACC = bison -y
@@ -19,7 +20,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o mod
 CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
 CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
 
-LDLIBS=$(LIBDIR)/libsepol.a -lfl
+LDLIBS=$(LIBSEPOLSTATIC) -L$(LIBDIR) -lfl
 
 GENERATED=lex.yy.c y.tab.c y.tab.h
 
diff -pruN selinux-17092011-orig/checkpolicy/test/Makefile selinux-17092011-patched-sds/checkpolicy/test/Makefile
--- selinux-17092011-orig/checkpolicy/test/Makefile	2011-09-09 20:12:55.980662174 +0200
+++ selinux-17092011-patched-sds/checkpolicy/test/Makefile	2011-09-17 22:02:20.452634304 +0200
@@ -2,14 +2,15 @@
 # Makefile for building the dispol program
 #
 PREFIX ?= $(DESTDIR)/usr
-BINDIR=$(PREFIX)/bin
-LIBDIR=$(PREFIX)/lib
+BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= $(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
-LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lsepol -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -lfl
 
 all: dispol dismod
 
diff -pruN selinux-17092011-orig/libselinux/src/Makefile selinux-17092011-patched-sds/libselinux/src/Makefile
--- selinux-17092011-orig/libselinux/src/Makefile	2011-09-17 07:03:41.139162328 +0200
+++ selinux-17092011-patched-sds/libselinux/src/Makefile	2011-09-17 21:46:07.524968539 +0200
@@ -8,6 +8,7 @@ PYPREFIX ?= $(notdir $(PYTHON))
 PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SHLIBDIR ?= $(DESTDIR)/lib
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 INCLUDEDIR ?= $(PREFIX)/include
 PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
 PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
@@ -102,7 +103,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
diff -pruN selinux-17092011-orig/libsemanage/src/Makefile selinux-17092011-patched-sds/libsemanage/src/Makefile
--- selinux-17092011-orig/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-17092011-patched-sds/libsemanage/src/Makefile	2011-09-17 21:22:46.020329558 +0200
@@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in
diff -pruN selinux-17092011-orig/libsemanage/tests/Makefile selinux-17092011-patched-sds/libsemanage/tests/Makefile
--- selinux-17092011-orig/libsemanage/tests/Makefile	2011-09-09 20:12:56.016662432 +0200
+++ selinux-17092011-patched-sds/libsemanage/tests/Makefile	2011-09-17 22:14:10.383231543 +0200
@@ -1,19 +1,24 @@
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+
+LIBSELINUXSTATIC ?= $(LIBDIR)/libselinux.a
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
+
 # Add your test source files here:
 SOURCES = $(wildcard *.c)
 
-# Point this variable to the libsemanage source directory you want to test:
-TESTSRC=../src
+# Point this variable to the libsemanage source directory:
+LIBSEMANAGESRC = ../src
 
 # Add the required external object files here:
-LIBS = ../src/libsemanage.a ../../libselinux/src/libselinux.a ../../libsepol/src/libsepol.a
+LIBS = $(LIBSEMANAGESRC)/libsemanage.a $(LIBSELINUXSTATIC) $(LIBSEPOLSTATIC)
 
 ###########################################################################
 
 EXECUTABLE = libsemanage-tests
-CC = gcc
 CFLAGS = -c -g -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
-INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include
-LDFLAGS = -lcunit -lustr -lbz2
+INCLUDE = -I$(LIBSEMANAGESRC) -I$(LIBSEMANAGESRC)/../include
+LDFLAGS = -L$(LIBDIR) -lcunit -lustr -lbz2
 OBJECTS = $(SOURCES:.c=.o) 
 
 all: $(EXECUTABLE) 
diff -pruN selinux-17092011-orig/Makefile selinux-17092011-patched-sds/Makefile
--- selinux-17092011-orig/Makefile	2011-09-09 20:12:55.977662144 +0200
+++ selinux-17092011-patched-sds/Makefile	2011-09-17 22:12:08.611333333 +0200
@@ -3,10 +3,20 @@ PYSUBDIRS=libselinux libsemanage
 DISTCLEANSUBIDRS=libselinux libsemanage
 
 ifeq ($(DEBUG),1)
-	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
-	export LDFLAGS = -g
+	CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+	LDFLAGS += -g
 endif
 
+# Released components are built separately (from lower-level Makefiles) and generally they use the
+# system-wide static libraries and header files that are already installed.
+export LIBSELINUXSTATIC = $(CURDIR)/libselinux/src/libselinux.a
+export LIBSEPOLSTATIC = $(CURDIR)/libsepol/src/libsepol.a
+
+CFLAGS += -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsepol/include -I$(CURDIR)/libsemanage/include
+LDFLAGS += -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsepol/src -L$(CURDIR)/libsemanage/src
+export CFLAGS
+export LDFLAGS
+
 all install relabel clean test indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -pruN selinux-17092011-orig/policycoreutils/audit2allow/Makefile selinux-17092011-patched-sds/policycoreutils/audit2allow/Makefile
--- selinux-17092011-orig/policycoreutils/audit2allow/Makefile	2011-09-09 20:12:56.034662561 +0200
+++ selinux-17092011-patched-sds/policycoreutils/audit2allow/Makefile	2011-09-17 21:22:46.021329584 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: ;
 
diff -pruN selinux-17092011-orig/policycoreutils/audit2why/Makefile selinux-17092011-patched-sds/policycoreutils/audit2why/Makefile
--- selinux-17092011-orig/policycoreutils/audit2why/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-17092011-patched-sds/policycoreutils/audit2why/Makefile	2011-09-17 21:22:46.022329611 +0200
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
diff -pruN selinux-17092011-orig/policycoreutils/load_policy/Makefile selinux-17092011-patched-sds/policycoreutils/load_policy/Makefile
--- selinux-17092011-orig/policycoreutils/load_policy/Makefile	2011-09-09 20:12:56.035662568 +0200
+++ selinux-17092011-patched-sds/policycoreutils/load_policy/Makefile	2011-09-17 21:22:46.022329611 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(LIBDIR)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux-17092011-orig/policycoreutils/mcstrans/src/Makefile selinux-17092011-patched-sds/policycoreutils/mcstrans/src/Makefile
--- selinux-17092011-orig/policycoreutils/mcstrans/src/Makefile	2011-09-09 20:12:56.040662607 +0200
+++ selinux-17092011-patched-sds/policycoreutils/mcstrans/src/Makefile	2011-09-17 22:20:21.141097699 +0200
@@ -1,34 +1,40 @@
+# Installation directories
+PREFIX ?= $(DESTDIR)/usr
+SBINDIR ?= $(DESTDIR)/sbin
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+
 ARCH = $(shell uname -i)
 ifeq "$(ARCH)" "x86_64"
 	# In case of 64 bit system, use these lines
-	LIBDIR=/usr/lib64
+	LIBDIR ?= $(PREFIX)/lib64
 else 
 ifeq "$(ARCH)" "i686"
 	# In case of 32 bit system, use these lines
-	LIBDIR=/usr/lib
+	LIBDIR ?= $(PREFIX)/lib
 else
 ifeq "$(ARCH)" "i386"
 	# In case of 32 bit system, use these lines
-	LIBDIR=/usr/lib
+	LIBDIR ?= $(PREFIX)/lib
+else
+	LIBDIR ?= $(PREFIX)/lib
 endif
 endif
 endif
-# Installation directories.
-PREFIX  ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 
 PROG_SRC=mcstrans.c  mcscolor.c  mcstransd.c  mls_level.c
 PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
 PROG=mcstransd
 INITSCRIPT=mcstrans
+
 CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
 override CFLAGS += -I../include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
 
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
-	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+	$(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -lcap -lpcre
 
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIE -c -o $@ $<
diff -pruN selinux-17092011-orig/policycoreutils/mcstrans/utils/Makefile selinux-17092011-patched-sds/policycoreutils/mcstrans/utils/Makefile
--- selinux-17092011-orig/policycoreutils/mcstrans/utils/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-17092011-patched-sds/policycoreutils/mcstrans/utils/Makefile	2011-09-17 22:20:59.192398922 +0200
@@ -5,23 +5,26 @@ BINDIR ?= $(PREFIX)/sbin
 ARCH = $(shell uname -i)
 ifeq "$(ARCH)" "x86_64"
         # In case of 64 bit system, use these lines
-        LIBDIR=/usr/lib64
+        LIBDIR ?= $(PREFIX)/lib64
 else
 ifeq "$(ARCH)" "i686"
         # In case of 32 bit system, use these lines
-        LIBDIR=/usr/lib
+        LIBDIR ?= $(PREFIX)/lib
 else
 ifeq "$(ARCH)" "i386"
         # In case of 32 bit system, use these lines
-        LIBDIR=/usr/lib
+        LIBDIR ?= $(PREFIX)/lib
+else
+	LIBDIR ?= $(PREFIX)/lib
 endif
 endif
 endif
 
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 
 CFLAGS ?= -Wall
 override CFLAGS += -I../src -D_GNU_SOURCE
-LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -L$(LIBDIR) -lpcre $(LIBSEPOLSTATIC)
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 
diff -pruN selinux-17092011-orig/policycoreutils/newrole/Makefile selinux-17092011-patched-sds/policycoreutils/newrole/Makefile
--- selinux-17092011-orig/policycoreutils/newrole/Makefile	2011-09-09 20:12:56.041662614 +0200
+++ selinux-17092011-patched-sds/policycoreutils/newrole/Makefile	2011-09-17 21:22:46.023329633 +0200
@@ -1,9 +1,11 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -22,8 +24,8 @@ VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
diff -pruN selinux-17092011-orig/policycoreutils/restorecond/Makefile selinux-17092011-patched-sds/policycoreutils/restorecond/Makefile
--- selinux-17092011-orig/policycoreutils/restorecond/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-17092011-patched-sds/policycoreutils/restorecond/Makefile	2011-09-17 21:22:46.023329633 +0200
@@ -1,13 +1,15 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-INITDIR = $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
+MANDIR ?= $(PREFIX)/share/man
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR ?= $(DESTDIR)/etc/selinux
 
 CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(LIBDIR)
 
 all: restorecond
 
diff -pruN selinux-17092011-orig/policycoreutils/run_init/Makefile selinux-17092011-patched-sds/policycoreutils/run_init/Makefile
--- selinux-17092011-orig/policycoreutils/run_init/Makefile	2011-09-09 20:12:56.072662837 +0200
+++ selinux-17092011-patched-sds/policycoreutils/run_init/Makefile	2011-09-17 21:22:46.023329633 +0200
@@ -1,16 +1,17 @@
-
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
 CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -L$(PREFIX)/lib
+override CFLAGS += -I$(INCLUDEDIR) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(LIBDIR)
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
diff -pruN selinux-17092011-orig/policycoreutils/sandbox/Makefile selinux-17092011-patched-sds/policycoreutils/sandbox/Makefile
--- selinux-17092011-orig/policycoreutils/sandbox/Makefile	2011-09-17 07:03:41.146162385 +0200
+++ selinux-17092011-patched-sds/policycoreutils/sandbox/Makefile	2011-09-17 21:25:36.947154826 +0200
@@ -1,14 +1,16 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
-SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+PREFIX ?= $(DESTDIR)/usr
+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d/
+SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
+INCLUDEDIR ?= $(PREFIX)/include
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
-LDLIBS += -lcgroup -lselinux -lcap-ng
+override CFLAGS += $(LDFLAGS) -I$(INCLUDEDIR) -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
+LDLIBS += -lselinux -L$(LIBDIR) -lcgroup -lcap-ng
 
 all: sandbox seunshare sandboxX.sh start
 
diff -pruN selinux-17092011-orig/policycoreutils/scripts/genhomedircon.8 selinux-17092011-patched-sds/policycoreutils/scripts/genhomedircon.8
--- selinux-17092011-orig/policycoreutils/scripts/genhomedircon.8	2011-09-09 20:12:56.074662851 +0200
+++ selinux-17092011-patched-sds/policycoreutils/scripts/genhomedircon.8	2011-09-17 21:22:46.024329656 +0200
@@ -1,37 +1,21 @@
-.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
-.\"
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, write to the Free
-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-.\" USA.
-.\"
-.\"
-.TH GENHOMEDIRCON "8" "May 2010" "Security Enhanced Linux" "SELinux"
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
 .SH NAME
 genhomedircon \- generate SELinux file context configuration entries for user home directories
 .SH SYNOPSIS
 .B genhomedircon
-is a script that executes semodule to rebuild policy and create the
-labels for HOMEDIRS based on home directories returned by the getpw calls.
+is a script that executes
+.B semodule
+to rebuild the SELinux policy and to create the
+labels for each user home directory based on directory paths returned by calls to getpwent().
 
-This functionality is enabled via the usepasswd flag in /etc/selinux/semanage.conf.
+This functionality can be disabled by using the "usepasswd" flag in /etc/selinux/semanage.conf
+(such flag can either take the value "true" or "false" and by default it is set to "true").
 
 .SH AUTHOR
 This manual page was written by
 .I Dan Walsh <dwalsh@redhat.com>
+
+The supporting functionality in the semanage library was written by Tresys Technology.
+
+.SH "SEE ALSO"
+semodule(8), getpwent(3), getpwent_r(3)
diff -pruN selinux-17092011-orig/policycoreutils/scripts/Makefile selinux-17092011-patched-sds/policycoreutils/scripts/Makefile
--- selinux-17092011-orig/policycoreutils/scripts/Makefile	2011-09-09 20:12:56.074662851 +0200
+++ selinux-17092011-patched-sds/policycoreutils/scripts/Makefile	2011-09-17 21:22:46.024329656 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
 
 all: fixfiles genhomedircon chcat
 
@@ -11,7 +11,10 @@ install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
-	install -m 755 genhomedircon  $(SBINDIR)
+	@echo "#!/bin/sh" > genhomedircon
+	@echo >> genhomedircon
+	@echo "$(SBINDIR)/semodule -Bn" >> genhomedircon
+	install -m 755 genhomedircon $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff -pruN selinux-17092011-orig/policycoreutils/secon/Makefile selinux-17092011-patched-sds/policycoreutils/secon/Makefile
--- selinux-17092011-orig/policycoreutils/secon/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-17092011-patched-sds/policycoreutils/secon/Makefile	2011-09-17 21:22:46.025329687 +0200
@@ -1,9 +1,9 @@
 # secon tool - command-line context
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
 VERSION = $(shell cat ../VERSION)
diff -pruN selinux-17092011-orig/policycoreutils/semanage/Makefile selinux-17092011-patched-sds/policycoreutils/semanage/Makefile
--- selinux-17092011-orig/policycoreutils/semanage/Makefile	2011-09-09 20:12:56.075662858 +0200
+++ selinux-17092011-patched-sds/policycoreutils/semanage/Makefile	2011-09-17 21:22:46.025329687 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+MANDIR ?= $(PREFIX)/share/man
 PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
diff -pruN selinux-17092011-orig/policycoreutils/semodule/Makefile selinux-17092011-patched-sds/policycoreutils/semodule/Makefile
--- selinux-17092011-orig/policycoreutils/semodule/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-17092011-patched-sds/policycoreutils/semodule/Makefile	2011-09-17 21:22:46.025329687 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux-17092011-orig/policycoreutils/semodule_deps/Makefile selinux-17092011-patched-sds/policycoreutils/semodule_deps/Makefile
--- selinux-17092011-orig/policycoreutils/semodule_deps/Makefile	2011-09-09 20:12:56.076662865 +0200
+++ selinux-17092011-patched-sds/policycoreutils/semodule_deps/Makefile	2011-09-17 21:55:04.748671613 +0200
@@ -1,13 +1,14 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = $(LIBSEPOLSTATIC)
 
 all: semodule_deps
 
diff -pruN selinux-17092011-orig/policycoreutils/semodule_expand/Makefile selinux-17092011-patched-sds/policycoreutils/semodule_expand/Makefile
--- selinux-17092011-orig/policycoreutils/semodule_expand/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-17092011-patched-sds/policycoreutils/semodule_expand/Makefile	2011-09-17 21:22:46.026329705 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux-17092011-orig/policycoreutils/semodule_link/Makefile selinux-17092011-patched-sds/policycoreutils/semodule_link/Makefile
--- selinux-17092011-orig/policycoreutils/semodule_link/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-17092011-patched-sds/policycoreutils/semodule_link/Makefile	2011-09-17 21:22:46.026329705 +0200
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux-17092011-orig/policycoreutils/semodule_package/Makefile selinux-17092011-patched-sds/policycoreutils/semodule_package/Makefile
--- selinux-17092011-orig/policycoreutils/semodule_package/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-17092011-patched-sds/policycoreutils/semodule_package/Makefile	2011-09-17 21:22:46.026329705 +0200
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 
 CFLAGS ?= -Werror -Wall -W
diff -pruN selinux-17092011-orig/policycoreutils/sepolgen-ifgen/Makefile selinux-17092011-patched-sds/policycoreutils/sepolgen-ifgen/Makefile
--- selinux-17092011-orig/policycoreutils/sepolgen-ifgen/Makefile	2011-09-17 07:03:41.148162401 +0200
+++ selinux-17092011-patched-sds/policycoreutils/sepolgen-ifgen/Makefile	2011-09-17 21:54:15.461445508 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
+LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a
 INCLUDEDIR ?= $(PREFIX)/include
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = $(LIBDIR)/libsepol.a
+LDLIBS = $(LIBSEPOLSTATIC)
 
 all: sepolgen-ifgen-attr-helper
 
diff -pruN selinux-17092011-orig/policycoreutils/sestatus/Makefile selinux-17092011-patched-sds/policycoreutils/sestatus/Makefile
--- selinux-17092011-orig/policycoreutils/sestatus/Makefile	2011-09-09 20:12:56.077662873 +0200
+++ selinux-17092011-patched-sds/policycoreutils/sestatus/Makefile	2011-09-17 21:22:46.026329705 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= ${PREFIX}/lib
+LIBDIR ?= $(PREFIX)/lib
 
-CFLAGS = -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR) -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
diff -pruN selinux-17092011-orig/policycoreutils/setfiles/Makefile selinux-17092011-patched-sds/policycoreutils/setfiles/Makefile
--- selinux-17092011-orig/policycoreutils/setfiles/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-17092011-patched-sds/policycoreutils/setfiles/Makefile	2011-09-17 21:22:46.027329716 +0200
@@ -1,12 +1,13 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
+INCLUDEDIR ?= $(PREFIX)/include
+MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 
-CFLAGS = -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 
 ifeq (${AUDITH}, /usr/include/libaudit.h)
diff -pruN selinux-17092011-orig/policycoreutils/setsebool/Makefile selinux-17092011-patched-sds/policycoreutils/setsebool/Makefile
--- selinux-17092011-orig/policycoreutils/setsebool/Makefile	2011-09-09 20:12:56.078662881 +0200
+++ selinux-17092011-patched-sds/policycoreutils/setsebool/Makefile	2011-09-17 21:22:46.027329716 +0200
@@ -2,8 +2,8 @@
 PREFIX ?= $(DESTDIR)/usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
diff -pruN selinux-17092011-orig/README selinux-17092011-patched-sds/README
--- selinux-17092011-orig/README	1970-01-01 01:00:00.000000000 +0100
+++ selinux-17092011-patched-sds/README	2011-09-17 21:37:22.524214709 +0200
@@ -0,0 +1,32 @@
+INSTALLATION:
+
+Type "make" to build and then "make install" to install.
+
+---
+
+The environment variables CFLAGS and LDFLAGS can be passed to "make" to use custom compiler
+and/or linker flags (for example: CFLAGS="-O3" LDFLAGS="" make).
+
+The environment variables LIBDIR and SHLIBDIR can be passed to "make" in order to configure
+different directories for the libraries (e.g. LIBDIR=/usr/lib64 and SHLIBDIR=/usr/lib64
+on 64-bit systems).
+
+The environment variable PREFIX can be passed to "make" in order to configure an install
+prefix other than "/usr".
+
+The environment variable DESTDIR can be passed to "make" in order to configure a
+specific directory to be used as the root installation directory.
+
+Please see the Makefile(s) for other environment variables that can be used.
+
+---
+
+BUILD OPTIONS:
+
+policycoreutils/run_init:
+The run_init tool can be compiled with either PAM or shadow password authentication. Please
+edit the Makefile to suit your needs. The default is to build with PAM authentication (-DUSE_PAM).
+Support for Linux Audit (http://people.redhat.com/sgrubb/audit) should be auto-detected by the
+Makefile.
+
+---

On Thu, 2011-09-15 at 16:00 -0400, Stephen Smalley wrote:
> On Thu, 2011-09-15 at 21:12 +0200, Guido Trentalancia wrote:
> > I did hit other issues too. Lesson learned was: add -lbz2 -lustr to
> > LDLIBS in policycoreutils/{semodule,setsebool}/Makefile and replace =
> > with ?= in checkpolicy/test/Makefile
> > 
> > Unfortunately none of the above is exactly what I am looking for...
> > 
> > I am looking to install directly under the root live filesystem. So
> > DESTDIR is not going to be used in my specific case. And I need
> > LIBDIR=SHLIBDIR=/usr/lib64. Also, I'd like to first type "make" to build
> > only and then type "make install" to get things installed.
> > 
> > rm -rf /usr/include/selinux/ ; rm -rf /usr/include/semanage/ ; rm
> > -rf /usr/include/sepol/ ; rm -f /usr/lib64/libsepol.* ; rm
> > -f /usr/lib64/libsemanage.* ; CFLAGS="-O3 -march=corei7 -mtune=corei7"
> > LIBDIR=/usr/lib64 SHLIBDIR=/usr/lib64 make install
> > 
> > Works with "install" target only with latest git. So it is not possible
> > to build only first and then install.
> 
> Yes, if you want that, you'll need further changes.  But rather than
> changing the component Makefiles in a manner that won't work for
> separate builds, how about defining some top-level variables and using
> them throughout, with conditional definitions (?=) within the individual
> Makefiles so that the separate builds still work.  Like the following
> (incomplete, but gives the idea):
> 
> diff --git a/Makefile b/Makefile
> index 09c2c1e..f68a2b2 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -7,6 +7,10 @@ ifeq ($(DEBUG),1)
>  	export LDFLAGS = -g
>  endif
>  
> +export LIBSEPOLSTATIC=$(CURDIR)/libsepol/src/libsepol.a

I have introduced the above in the revised patch attached to this
message, however...

> +export EXTRA_INCLUDES=-I$(CURDIR)/libsepol/include -I$(CURDIR)/libselinux/include -I$(CURDIR)/libsemanage/include
> +export EXTRA_LIBS=-L$(CURDIR)/libsepol/src -L$(CURDIR)/libselinux/src -L$(CURDIR)/libsemanage/src

I've dropped the above because it is not just being used for the
libraries, it is also used for the tools, therefore since it is widely
used, better widely defined.

>  all install relabel clean test indent:
>  	@for subdir in $(SUBDIRS); do \
>  		(cd $$subdir && $(MAKE) $@) || exit 1; \
> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> index 7680008..4651616 100644
> --- a/libselinux/src/Makefile
> +++ b/libselinux/src/Makefile
> @@ -7,7 +7,8 @@ PYPREFIX ?= $(notdir $(PYTHON))
>  # Installation directories.
>  PREFIX ?= $(DESTDIR)/usr
>  LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(PREFIX)/lib
> +LIBSEPOLSTATIC ?= $(LIBDIR)/libsepol.a

Introduced here and elsewhere. For libsepol and also for static
libselinux as needed throughout the whole project.

> +SHLIBDIR ?= $(DESTDIR)/lib
>  INCLUDEDIR ?= $(PREFIX)/include
>  PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
>  PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
> @@ -54,7 +55,7 @@ SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
>  OBJS= $(patsubst %.c,%.o,$(SRCS))
>  LOBJS= $(patsubst %.c,%.lo,$(SRCS))
>  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
> -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
> +override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)

Dropped (see above).

>  RANLIB=ranlib
>  
>  ARCH := $(patsubst i%86,i386,$(shell uname -m))
> @@ -102,7 +103,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
>  	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
>  
>  $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBSEPOLSTATIC) -L$(LIBDIR) -Wl,-soname,$@
>  
>  %.o:  %.c policy.h
>  	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
> diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
> index d9120c0..44962e6 100644
> --- a/libsemanage/src/Makefile
> +++ b/libsemanage/src/Makefile
> @@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
>  LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
>  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
>  
> -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
> +override CFLAGS += -I../include -I$(INCLUDEDIR) $(EXTRA_INCLUDES) -D_GNU_SOURCE 
>  RANLIB=ranlib
>  
>  SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
> @@ -87,7 +87,7 @@ $(LIBA): $(OBJS)
>  	$(RANLIB) $@
>  
>  $(LIBSO): $(LOBJS)
> -	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> +	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr $(EXTRA_LIBS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>  	ln -sf $@ $(TARGET)
>  
>  $(LIBPC): $(LIBPC).in
> 

Thanks for the great suggestion.

By the way, I think the patch to tackle the shared library link creation
still needs to be applied. Christopher said he had an idea to improve
it, but then I've not heard anything back from him.

For reference, this was the latest version I think:

--- selinux/libselinux/src/Makefile	2011-09-09 20:12:55.992662259 +0200
+++ selinux-14092011-fix-library-double-symlink-creation/libselinux/src/Makefile	2011-09-15 10:51:50.720619457 +0200
@@ -126,7 +126,8 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	pushd $(LIBDIR) && ln -sf $(SHLIBDIR)/$(LIBSO) $(TARGET) && popd
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 install-pywrap: pywrap
 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
--- selinux/libsepol/src/Makefile	2011-09-09 20:12:56.021662468 +0200
+++ selinux-14092011-fix-library-double-symlink-creation/libsepol/src/Makefile	2011-09-15 10:52:23.139869859 +0200
@@ -43,7 +43,8 @@ install: all
 	install -m 755 $(LIBSO) $(SHLIBDIR)
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
-	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+	pushd $(LIBDIR) && ln -sf $(SHLIBDIR)/$(LIBSO) $(TARGET) && popd
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
--- selinux/libsemanage/src/Makefile	2011-09-09 20:12:56.008662374 +0200
+++ selinux-14092011-fix-library-double-symlink-creation/libsemanage/src/Makefile	2011-09-15 10:53:01.131163131 +0200
@@ -139,7 +139,8 @@ install: all
 	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
 	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 	test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
-	cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+	pushd $(LIBDIR) && ln -sf $(SHLIBDIR)/$(LIBSO) $(TARGET) && popd
+	pushd $(SHLIBDIR) && ln -sf $(LIBSO) $(TARGET) && popd
 
 install-pywrap: pywrap 
 	test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages

If Christopher is still willing to contribute his version which
supposedly reads better, then I'd be quite happy to have that applied
instead, otherwise it doesn't matter I suppose. Similarly it's entirely
up to you to decide the details, as long as it doesn't create broken
links (as unfortunately is currently doing) I am fine with most ideas
(at the moment it creates two links, although personally speaking I
would only need the one in SHLIBDIR).

Regards,

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.