selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Paulo Alcantara <paulo@paulo.ac>
To: selinux@vger.kernel.org
Cc: paul@paul-moore.com
Subject: Re: [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX
Date: Wed, 27 Feb 2019 11:36:37 -0300	[thread overview]
Message-ID: <87y36170y2.fsf@paulo.ac> (raw)
In-Reply-To: <20190225005528.28371-1-paulo@paulo.ac>

Paulo Alcantara <paulo@paulo.ac> writes:

> When compiling genheaders and mdp from a newer host kernel, the
> following error happens:
>
>     In file included from scripts/selinux/genheaders/genheaders.c:18:
>     ./security/selinux/include/classmap.h:238:2: error: #error New
>     address family defined, please update secclass_map.  #error New
>     address family defined, please update secclass_map.  ^~~~~
>     make[3]: *** [scripts/Makefile.host:107:
>     scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
>     [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
>     make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
>     make[1]: *** Waiting for unfinished jobs....
>
> Instead of relying on the host definition, include linux/socket.h in
> classmap.h to have PF_MAX.
>
> Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
> ---
>  scripts/selinux/genheaders/genheaders.c | 1 -
>  scripts/selinux/mdp/mdp.c               | 1 -
>  security/selinux/include/classmap.h     | 1 +
>  3 files changed, 1 insertion(+), 2 deletions(-)

Ping?

Could someone please take a look at this issue?

It's quite easy to reproduce on my host (4.20+) when building an
unpatched 4.14 kernel[1]:

    $ make defconfig
    *** Default configuration is based on 'x86_64_defconfig'
    #
    # configuration written to .config
    #
    $ make scripts
    scripts/kconfig/conf  --silentoldconfig Kconfig
      WRAP    arch/x86/include/generated/asm/clkdev.h
      WRAP    arch/x86/include/generated/asm/dma-contiguous.h
      WRAP    arch/x86/include/generated/asm/early_ioremap.h
      WRAP    arch/x86/include/generated/asm/mcs_spinlock.h
      WRAP    arch/x86/include/generated/asm/mm-arch-hooks.h
      CC      scripts/mod/empty.o
      HOSTCC  scripts/mod/mk_elfconfig
      MKELF   scripts/mod/elfconfig.h
      HOSTCC  scripts/mod/modpost.o
      CC      scripts/mod/devicetable-offsets.s
      CHK     scripts/mod/devicetable-offsets.h
      UPD     scripts/mod/devicetable-offsets.h
      HOSTCC  scripts/mod/file2alias.o
      HOSTCC  scripts/mod/sumversion.o
      HOSTLD  scripts/mod/modpost
      HOSTCC  scripts/selinux/genheaders/genheaders
    In file included from scripts/selinux/genheaders/genheaders.c:19:
    ./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map.
     #error New address family defined, please update secclass_map.
      ^~~~~
    make[3]: *** [scripts/Makefile.host:102: scripts/selinux/genheaders/genheaders] Error 1
    make[2]: *** [scripts/Makefile.build:585: scripts/selinux/genheaders] Error 2
    make[1]: *** [scripts/Makefile.build:585: scripts/selinux] Error 2
    make: *** [Makefile:572: scripts] Error 2

Thanks
Paulo

[1] https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.104.tar.xz

>
> diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
> index 1ceedea847dd..544ca126a8a8 100644
> --- a/scripts/selinux/genheaders/genheaders.c
> +++ b/scripts/selinux/genheaders/genheaders.c
> @@ -9,7 +9,6 @@
>  #include <string.h>
>  #include <errno.h>
>  #include <ctype.h>
> -#include <sys/socket.h>
>  
>  struct security_class_mapping {
>  	const char *name;
> diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
> index 073fe7537f6c..6d51b74bc679 100644
> --- a/scripts/selinux/mdp/mdp.c
> +++ b/scripts/selinux/mdp/mdp.c
> @@ -32,7 +32,6 @@
>  #include <stdlib.h>
>  #include <unistd.h>
>  #include <string.h>
> -#include <sys/socket.h>
>  
>  static void usage(char *name)
>  {
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index bd5fe0d3204a..201f7e588a29 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -1,5 +1,6 @@
>  /* SPDX-License-Identifier: GPL-2.0 */
>  #include <linux/capability.h>
> +#include <linux/socket.h>
>  
>  #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
>      "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map"
> -- 
> 2.20.1

  reply	other threads:[~2019-02-27 17:09 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-25  0:55 [PATCH] selinux: use kernel linux/socket.h definitions for PF_MAX Paulo Alcantara
2019-02-27 14:36 ` Paulo Alcantara [this message]
2019-02-27 17:35   ` Paul Moore
2019-02-27 17:43     ` Paulo Alcantara
2019-03-18 22:58       ` Paul Moore
2019-02-27 17:23 ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87y36170y2.fsf@paulo.ac \
    --to=paulo@paulo.ac \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).