* [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
@ 2019-02-25 0:55 Paulo Alcantara
2019-02-27 14:36 ` Paulo Alcantara
2019-02-27 17:23 ` Stephen Smalley
0 siblings, 2 replies; 6+ messages in thread
From: Paulo Alcantara @ 2019-02-25 0:55 UTC (permalink / raw)
To: selinux; +Cc: paul, Paulo Alcantara
When compiling genheaders and mdp from a newer host kernel, the
following error happens:
In file included from scripts/selinux/genheaders/genheaders.c:18:
./security/selinux/include/classmap.h:238:2: error: #error New
address family defined, please update secclass_map. #error New
address family defined, please update secclass_map. ^~~~~
make[3]: *** [scripts/Makefile.host:107:
scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
[scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
make[1]: *** Waiting for unfinished jobs....
Instead of relying on the host definition, include linux/socket.h in
classmap.h to have PF_MAX.
Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
---
scripts/selinux/genheaders/genheaders.c | 1 -
scripts/selinux/mdp/mdp.c | 1 -
security/selinux/include/classmap.h | 1 +
3 files changed, 1 insertion(+), 2 deletions(-)
--git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 1ceedea847dd..544ca126a8a8 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -9,7 +9,6 @@
#include <string.h>
#include <errno.h>
#include <ctype.h>
-#include <sys/socket.h>
struct security_class_mapping {
const char *name;
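Review bot: Dropping `#include <sys/socket.h>` here leaves genheaders.c with no direct source for PF_MAX, so this host tool now depends entirely on classmap.h pulling in `<linux/socket.h>` and on the host compiler's include path resolving that name to the kernel tree's header rather than the host's installed copy. The diffstat lists no Makefile change, so please state in the commit message which include path makes that true for this host program; if the name resolves to the host's headers, the mismatch with a newer host kernel described in the changelog can come back.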
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
index 073fe7537f6c..6d51b74bc679 100644
--- a/scripts/selinux/mdp/mdp.c
+++ b/scripts/selinux/mdp/mdp.c
@@ -32,7 +32,6 @@
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
-#include <sys/socket.h>
static void usage(char *name)
{
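Review bot: The removal of `#include <sys/socket.h>` from mdp.c is justified in the changelog only for PF_MAX, and nothing says whether mdp.c uses any other declaration from that header. Please confirm that mdp still builds with the include gone, and note in the changelog that both genheaders and mdp were build-tested, since the quoted error log covers genheaders only.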
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index bd5fe0d3204a..201f7e588a29 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 */
#include <linux/capability.h>
+#include <linux/socket.h>
#define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
"getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map"
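Review bot: The new `#include <linux/socket.h>` at the top of classmap.h carries no comment tying it to the PF_MAX check that raises `#error New address family defined, please update secclass_map.` further down the file. Because this header is included by the host tools as well as by kernel code, a one-line comment such as `/* for PF_MAX, checked against secclass_map below */` would keep a later cleanup from dropping the include as unused.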
--
2.20.1
* Re: [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
2019-02-25 0:55 [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX Paulo Alcantara
@ 2019-02-27 14:36 ` Paulo Alcantara
2019-02-27 17:35 ` Paul Moore
2019-02-27 17:23 ` Stephen Smalley
1 sibling, 1 reply; 6+ messages in thread
From: Paulo Alcantara @ 2019-02-27 14:36 UTC (permalink / raw)
To: selinux; +Cc: paul
Paulo Alcantara <paulo@paulo.ac> writes:
> When compiling genheaders and mdp from a newer host kernel, the
> following error happens:
>
> In file included from scripts/selinux/genheaders/genheaders.c:18:
> ./security/selinux/include/classmap.h:238:2: error: #error New
> address family defined, please update secclass_map. #error New
> address family defined, please update secclass_map. ^~~~~
> make[3]: *** [scripts/Makefile.host:107:
> scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
> [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
> make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
> make[1]: *** Waiting for unfinished jobs....
>
> Instead of relying on the host definition, include linux/socket.h in
> classmap.h to have PF_MAX.
>
> Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
> ---
> scripts/selinux/genheaders/genheaders.c | 1 -
> scripts/selinux/mdp/mdp.c | 1 -
> security/selinux/include/classmap.h | 1 +
> 3 files changed, 1 insertion(+), 2 deletions(-)
Ping?
Could someone please take a look at this issue?
It's quite easy to reproduce on my host (4.20+) when building an
unpatched 4.14 kernel[1]:
$ make defconfig
*** Default configuration is based on 'x86_64_defconfig'
#
# configuration written to .config
#
$ make scripts
scripts/kconfig/conf --silentoldconfig Kconfig
WRAP arch/x86/include/generated/asm/clkdev.h
WRAP arch/x86/include/generated/asm/dma-contiguous.h
WRAP arch/x86/include/generated/asm/early_ioremap.h
WRAP arch/x86/include/generated/asm/mcs_spinlock.h
WRAP arch/x86/include/generated/asm/mm-arch-hooks.h
CC scripts/mod/empty.o
HOSTCC scripts/mod/mk_elfconfig
MKELF scripts/mod/elfconfig.h
HOSTCC scripts/mod/modpost.o
CC scripts/mod/devicetable-offsets.s
CHK scripts/mod/devicetable-offsets.h
UPD scripts/mod/devicetable-offsets.h
HOSTCC scripts/mod/file2alias.o
HOSTCC scripts/mod/sumversion.o
HOSTLD scripts/mod/modpost
HOSTCC scripts/selinux/genheaders/genheaders
In file included from scripts/selinux/genheaders/genheaders.c:19:
./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map.
#error New address family defined, please update secclass_map.
^~~~~
make[3]: *** [scripts/Makefile.host:102: scripts/selinux/genheaders/genheaders] Error 1
make[2]: *** [scripts/Makefile.build:585: scripts/selinux/genheaders] Error 2
make[1]: *** [scripts/Makefile.build:585: scripts/selinux] Error 2
make: *** [Makefile:572: scripts] Error 2
Thanks
Paulo
[1] https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.104.tar.xz
>
> diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
> index 1ceedea847dd..544ca126a8a8 100644
> --- a/scripts/selinux/genheaders/genheaders.c
> +++ b/scripts/selinux/genheaders/genheaders.c
> @@ -9,7 +9,6 @@
> #include <string.h>
> #include <errno.h>
> #include <ctype.h>
> -#include <sys/socket.h>
>
> struct security_class_mapping {
> const char *name;
> diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
> index 073fe7537f6c..6d51b74bc679 100644
> --- a/scripts/selinux/mdp/mdp.c
> +++ b/scripts/selinux/mdp/mdp.c
> @@ -32,7 +32,6 @@
> #include <stdlib.h>
> #include <unistd.h>
> #include <string.h>
> -#include <sys/socket.h>
>
> static void usage(char *name)
> {
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index bd5fe0d3204a..201f7e588a29 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -1,5 +1,6 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> #include <linux/capability.h>
> +#include <linux/socket.h>
>
> #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
> "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map"
> --
> 2.20.1
* Re: [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
2019-02-25 0:55 [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX Paulo Alcantara
2019-02-27 14:36 ` Paulo Alcantara
@ 2019-02-27 17:23 ` Stephen Smalley
1 sibling, 0 replies; 6+ messages in thread
From: Stephen Smalley @ 2019-02-27 17:23 UTC (permalink / raw)
To: Paulo Alcantara, selinux; +Cc: paul
On 2/24/19 7:55 PM, Paulo Alcantara wrote:
> When compiling genheaders and mdp from a newer host kernel, the
> following error happens:
>
> In file included from scripts/selinux/genheaders/genheaders.c:18:
> ./security/selinux/include/classmap.h:238:2: error: #error New
> address family defined, please update secclass_map. #error New
> address family defined, please update secclass_map. ^~~~~
> make[3]: *** [scripts/Makefile.host:107:
> scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
> [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
> make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
> make[1]: *** Waiting for unfinished jobs....
>
> Instead of relying on the host definition, include linux/socket.h in
> classmap.h to have PF_MAX.
>
> Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> scripts/selinux/genheaders/genheaders.c | 1 -
> scripts/selinux/mdp/mdp.c | 1 -
> security/selinux/include/classmap.h | 1 +
> 3 files changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
> index 1ceedea847dd..544ca126a8a8 100644
> --- a/scripts/selinux/genheaders/genheaders.c
> +++ b/scripts/selinux/genheaders/genheaders.c
> @@ -9,7 +9,6 @@
> #include <string.h>
> #include <errno.h>
> #include <ctype.h>
> -#include <sys/socket.h>
>
> struct security_class_mapping {
> const char *name;
> diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
> index 073fe7537f6c..6d51b74bc679 100644
> --- a/scripts/selinux/mdp/mdp.c
> +++ b/scripts/selinux/mdp/mdp.c
> @@ -32,7 +32,6 @@
> #include <stdlib.h>
> #include <unistd.h>
> #include <string.h>
> -#include <sys/socket.h>
>
> static void usage(char *name)
> {
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index bd5fe0d3204a..201f7e588a29 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -1,5 +1,6 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> #include <linux/capability.h>
> +#include <linux/socket.h>
>
> #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
> "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map"
>
* Re: [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
2019-02-27 14:36 ` Paulo Alcantara
@ 2019-02-27 17:35 ` Paul Moore
2019-02-27 17:43 ` Paulo Alcantara
0 siblings, 1 reply; 6+ messages in thread
From: Paul Moore @ 2019-02-27 17:35 UTC (permalink / raw)
To: Paulo Alcantara; +Cc: selinux
On Wed, Feb 27, 2019 at 12:07 PM Paulo Alcantara <paulo@paulo.ac> wrote:
> Paulo Alcantara <paulo@paulo.ac> writes:
> > When compiling genheaders and mdp from a newer host kernel, the
> > following error happens:
> >
> > In file included from scripts/selinux/genheaders/genheaders.c:18:
> > ./security/selinux/include/classmap.h:238:2: error: #error New
> > address family defined, please update secclass_map. #error New
> > address family defined, please update secclass_map. ^~~~~
> > make[3]: *** [scripts/Makefile.host:107:
> > scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
> > [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
> > make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
> > make[1]: *** Waiting for unfinished jobs....
> >
> > Instead of relying on the host definition, include linux/socket.h in
> > classmap.h to have PF_MAX.
> >
> > Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
> > ---
> > scripts/selinux/genheaders/genheaders.c | 1 -
> > scripts/selinux/mdp/mdp.c | 1 -
> > security/selinux/include/classmap.h | 1 +
> > 3 files changed, 1 insertion(+), 2 deletions(-)
>
> Ping?
>
> Could someone please take a look at this issue?
It looks fine to me, but I typically don't merge patches this late in
the development window (we are at -rc8), unless it is a serious bug
fix.
> It's quite easy to reproduce on my host (4.20+) when building an
> unpatched 4.14 kernel ...
While this is a good patch that does fix a real bug, the fact that it
has been broken for several releases tells me this is not a serious
bug and not likely worth the risk for the upcoming merge window
(however small it may be). There has been a lot of good work put into
mdp very recently, and I expect to merge that, as well as your fix,
once the upcoming merge window closes.
--
paul moore
www.paul-moore.com
* Re: [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
2019-02-27 17:35 ` Paul Moore
@ 2019-02-27 17:43 ` Paulo Alcantara
2019-03-18 22:58 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Paulo Alcantara @ 2019-02-27 17:43 UTC (permalink / raw)
To: Paul Moore; +Cc: selinux
Paul Moore <paul@paul-moore.com> writes:
> On Wed, Feb 27, 2019 at 12:07 PM Paulo Alcantara <paulo@paulo.ac> wrote:
>> Paulo Alcantara <paulo@paulo.ac> writes:
>> > When compiling genheaders and mdp from a newer host kernel, the
>> > following error happens:
>> >
>> > In file included from scripts/selinux/genheaders/genheaders.c:18:
>> > ./security/selinux/include/classmap.h:238:2: error: #error New
>> > address family defined, please update secclass_map. #error New
>> > address family defined, please update secclass_map. ^~~~~
>> > make[3]: *** [scripts/Makefile.host:107:
>> > scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
>> > [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
>> > make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
>> > make[1]: *** Waiting for unfinished jobs....
>> >
>> > Instead of relying on the host definition, include linux/socket.h in
>> > classmap.h to have PF_MAX.
>> >
>> > Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
>> > ---
>> > scripts/selinux/genheaders/genheaders.c | 1 -
>> > scripts/selinux/mdp/mdp.c | 1 -
>> > security/selinux/include/classmap.h | 1 +
>> > 3 files changed, 1 insertion(+), 2 deletions(-)
>>
>> Ping?
>>
>> Could someone please take a look at this issue?
>
> It looks fine to me, but I typically don't merge patches this late in
> the development window (we are at -rc8), unless it is a serious bug
> fix.
Fair enough.
>> It's quite easy to reproduce on my host (4.20+) when building an
>> unpatched 4.14 kernel ...
>
> While this is a good patch that does fix a real bug, the fact that it
> has been broken for several releases tells me this is not a serious
> bug and not likely worth the risk for the upcoming merge window
> (however small it may be). There has been a lot of good work put into
> mdp very recently, and I expect to merge that, as well as your fix,
> once the upcoming merge window closes.
Looks good to me. Thanks!
Paulo
* Re: [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
2019-02-27 17:43 ` Paulo Alcantara
@ 2019-03-18 22:58 ` Paul Moore
0 siblings, 0 replies; 6+ messages in thread
From: Paul Moore @ 2019-03-18 22:58 UTC (permalink / raw)
To: Paulo Alcantara; +Cc: selinux
On Wed, Feb 27, 2019 at 12:46 PM Paulo Alcantara <paulo@paulo.ac> wrote:
> Paul Moore <paul@paul-moore.com> writes:
>
> > On Wed, Feb 27, 2019 at 12:07 PM Paulo Alcantara <paulo@paulo.ac> wrote:
> >> Paulo Alcantara <paulo@paulo.ac> writes:
> >> > When compiling genheaders and mdp from a newer host kernel, the
> >> > following error happens:
> >> >
> >> > In file included from scripts/selinux/genheaders/genheaders.c:18:
> >> > ./security/selinux/include/classmap.h:238:2: error: #error New
> >> > address family defined, please update secclass_map. #error New
> >> > address family defined, please update secclass_map. ^~~~~
> >> > make[3]: *** [scripts/Makefile.host:107:
> >> > scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
> >> > [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
> >> > make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
> >> > make[1]: *** Waiting for unfinished jobs....
> >> >
> >> > Instead of relying on the host definition, include linux/socket.h in
> >> > classmap.h to have PF_MAX.
> >> >
> >> > Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
> >> > ---
> >> > scripts/selinux/genheaders/genheaders.c | 1 -
> >> > scripts/selinux/mdp/mdp.c | 1 -
> >> > security/selinux/include/classmap.h | 1 +
> >> > 3 files changed, 1 insertion(+), 2 deletions(-)
> >>
> >> Ping?
> >>
> >> Could someone please take a look at this issue?
> >
> > It looks fine to me, but I typically don't merge patches this late in
> > the development window (we are at -rc8), unless it is a serious bug
> > fix.
>
> Fair enough.
>
> >> It's quite easy to reproduce on my host (4.20+) when building an
> >> unpatched 4.14 kernel ...
> >
> > While this is a good patch that does fix a real bug, the fact that it
> > has been broken for several releases tells me this is not a serious
> > bug and not likely worth the risk for the upcoming merge window
> > (however small it may be). There has been a lot of good work put into
> > mdp very recently, and I expect to merge that, as well as your fix,
> > once the upcoming merge window closes.
>
> Looks good to me. Thanks!
Merged into selinux/next, thanks for the patch and your patience.
--
paul moore
www.paul-moore.com