SELinux-Refpolicy Archive on lore.kernel.org
 help / Atom feed
* [PATCH 1/3] build: add config for libc gnu and musl
@ 2018-11-18 11:37 Jason Zaman
  2018-11-18 11:37 ` [PATCH 2/3] libraries: ldconfig is a shell script on Gentoo musl libc Jason Zaman
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jason Zaman @ 2018-11-18 11:37 UTC (permalink / raw)
  To: selinux-refpolicy; +Cc: Jason Zaman

Signed-off-by: Jason Zaman <jason@perfinion.com>
---
 Makefile               | 7 +++++++
 build.conf             | 5 +++++
 support/Makefile.devel | 4 ++++
 3 files changed, 16 insertions(+)

diff --git a/Makefile b/Makefile
index 57d297c9..8e149345 100644
--- a/Makefile
+++ b/Makefile
@@ -192,6 +192,10 @@ ifeq "$(DISTRO)" "ubuntu"
 	M4PARAM += -D distro_debian
 endif
 
+ifneq ($(LIBC),)
+	M4PARAM += -D libc_$(LIBC)
+endif
+
 ifeq "$(SYSTEMD)" "y"
 	M4PARAM += -D init_systemd
 endif
@@ -541,6 +545,9 @@ install-headers: $(layerxml) $(tunxml) $(boolxml)
 	$(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
 ifneq "$(DISTRO)" ""
 	$(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
+endif
+ifneq "$(LIBC)" ""
+	$(verbose) echo "LIBC ?= $(LIBC)" >> $(headerdir)/build.conf
 endif
 	$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
 	$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
diff --git a/build.conf b/build.conf
index a2f1a9b5..add0fcf8 100644
--- a/build.conf
+++ b/build.conf
@@ -29,6 +29,11 @@ NAME = refpolicy
 # Fedora users should enable redhat.
 #DISTRO = redhat
 
+# libc
+# Setting this will configure which libc is used.
+# gnu, musl are the current options.
+LIBC = gnu
+
 # Unknown Permissions Handling
 # The behavior for handling permissions defined in the
 # kernel but missing from the policy.  The permissions
diff --git a/support/Makefile.devel b/support/Makefile.devel
index f3daca11..fb296084 100644
--- a/support/Makefile.devel
+++ b/support/Makefile.devel
@@ -58,6 +58,10 @@ ifneq ($(DISTRO),)
 	M4PARAM += -D distro_$(DISTRO)
 endif
 
+ifneq ($(LIBC),)
+	M4PARAM += -D libc_$(LIBC)
+endif
+
 ifeq "$(SYSTEMD)" "y"
 	M4PARAM += -D init_systemd
 endif
-- 
2.18.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 2/3] libraries: ldconfig is a shell script on Gentoo musl libc
  2018-11-18 11:37 [PATCH 1/3] build: add config for libc gnu and musl Jason Zaman
@ 2018-11-18 11:37 ` Jason Zaman
  2018-11-18 11:37 ` [PATCH 3/3] sysnetwork: musl needs bind generic node for DNS Jason Zaman
  2018-11-22 13:39 ` [PATCH 1/3] build: add config for libc gnu and musl Chris PeBenito
  2 siblings, 0 replies; 4+ messages in thread
From: Jason Zaman @ 2018-11-18 11:37 UTC (permalink / raw)
  To: selinux-refpolicy; +Cc: Jason Zaman

Signed-off-by: Jason Zaman <jason@perfinion.com>
---
 policy/modules/system/libraries.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 422b0ea1..3bb792e6 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -145,3 +145,11 @@ optional_policy(`
 optional_policy(`
 	unconfined_domain(ldconfig_t)
 ')
+
+ifdef(`distro_gentoo',`
+	ifdef(`libc_musl',`
+		allow ldconfig_t self:fifo_file rw_fifo_file_perms;
+		corecmd_exec_shell(ldconfig_t)
+		corecmd_exec_bin(ldconfig_t)
+	')
+')
-- 
2.18.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 3/3] sysnetwork: musl needs bind generic node for DNS
  2018-11-18 11:37 [PATCH 1/3] build: add config for libc gnu and musl Jason Zaman
  2018-11-18 11:37 ` [PATCH 2/3] libraries: ldconfig is a shell script on Gentoo musl libc Jason Zaman
@ 2018-11-18 11:37 ` Jason Zaman
  2018-11-22 13:39 ` [PATCH 1/3] build: add config for libc gnu and musl Chris PeBenito
  2 siblings, 0 replies; 4+ messages in thread
From: Jason Zaman @ 2018-11-18 11:37 UTC (permalink / raw)
  To: selinux-refpolicy; +Cc: Jason Zaman

Signed-off-by: Jason Zaman <jason@perfinion.com>
---
 policy/modules/system/sysnetwork.if | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 316f4362..3685d1a3 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -765,6 +765,11 @@ interface(`sysnet_dns_name_resolve',`
 			systemd_read_machines($1)
 		')
 	')
+
+	ifdef(`libc_musl',`
+		corenet_tcp_bind_generic_node($1)
+		corenet_udp_bind_generic_node($1)
+	')
 ')
 
 ########################################
-- 
2.18.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 1/3] build: add config for libc gnu and musl
  2018-11-18 11:37 [PATCH 1/3] build: add config for libc gnu and musl Jason Zaman
  2018-11-18 11:37 ` [PATCH 2/3] libraries: ldconfig is a shell script on Gentoo musl libc Jason Zaman
  2018-11-18 11:37 ` [PATCH 3/3] sysnetwork: musl needs bind generic node for DNS Jason Zaman
@ 2018-11-22 13:39 ` Chris PeBenito
  2 siblings, 0 replies; 4+ messages in thread
From: Chris PeBenito @ 2018-11-22 13:39 UTC (permalink / raw)
  To: Jason Zaman, selinux-refpolicy

On 11/18/18 6:37 AM, Jason Zaman wrote:
> Signed-off-by: Jason Zaman <jason@perfinion.com>
> ---
>   Makefile               | 7 +++++++
>   build.conf             | 5 +++++
>   support/Makefile.devel | 4 ++++
>   3 files changed, 16 insertions(+)
> 
> diff --git a/Makefile b/Makefile
> index 57d297c9..8e149345 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -192,6 +192,10 @@ ifeq "$(DISTRO)" "ubuntu"
>   	M4PARAM += -D distro_debian
>   endif
>   
> +ifneq ($(LIBC),)
> +	M4PARAM += -D libc_$(LIBC)
> +endif
> +
>   ifeq "$(SYSTEMD)" "y"
>   	M4PARAM += -D init_systemd
>   endif
> @@ -541,6 +545,9 @@ install-headers: $(layerxml) $(tunxml) $(boolxml)
>   	$(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
>   ifneq "$(DISTRO)" ""
>   	$(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
> +endif
> +ifneq "$(LIBC)" ""
> +	$(verbose) echo "LIBC ?= $(LIBC)" >> $(headerdir)/build.conf
>   endif
>   	$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
>   	$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
> diff --git a/build.conf b/build.conf
> index a2f1a9b5..add0fcf8 100644
> --- a/build.conf
> +++ b/build.conf
> @@ -29,6 +29,11 @@ NAME = refpolicy
>   # Fedora users should enable redhat.
>   #DISTRO = redhat
>   
> +# libc
> +# Setting this will configure which libc is used.
> +# gnu, musl are the current options.
> +LIBC = gnu
> +
>   # Unknown Permissions Handling
>   # The behavior for handling permissions defined in the
>   # kernel but missing from the policy.  The permissions
> diff --git a/support/Makefile.devel b/support/Makefile.devel
> index f3daca11..fb296084 100644
> --- a/support/Makefile.devel
> +++ b/support/Makefile.devel
> @@ -58,6 +58,10 @@ ifneq ($(DISTRO),)
>   	M4PARAM += -D distro_$(DISTRO)
>   endif
>   
> +ifneq ($(LIBC),)
> +	M4PARAM += -D libc_$(LIBC)
> +endif
> +
>   ifeq "$(SYSTEMD)" "y"
>   	M4PARAM += -D init_systemd
>   endif

I'm not inclined to merge this set.  It seems niche, even in terms of 
Gentoo.

-- 
Chris PeBenito

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-18 11:37 [PATCH 1/3] build: add config for libc gnu and musl Jason Zaman
2018-11-18 11:37 ` [PATCH 2/3] libraries: ldconfig is a shell script on Gentoo musl libc Jason Zaman
2018-11-18 11:37 ` [PATCH 3/3] sysnetwork: musl needs bind generic node for DNS Jason Zaman
2018-11-22 13:39 ` [PATCH 1/3] build: add config for libc gnu and musl Chris PeBenito

SELinux-Refpolicy Archive on lore.kernel.org

Archives are clonable: git clone --mirror https://lore.kernel.org/selinux-refpolicy/0 selinux-refpolicy/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux-refpolicy selinux-refpolicy/ https://lore.kernel.org/selinux-refpolicy \
		selinux-refpolicy@vger.kernel.org selinux-refpolicy@archiver.kernel.org
	public-inbox-index selinux-refpolicy


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux-refpolicy


AGPL code for this site: git clone https://public-inbox.org/ public-inbox