| Message ID | 20200901110452.386724-1-dominick.grift@defensec.nl (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [RFC] newrole: do not rely on hard-coded audith and pamh paths | expand |
On Tue, Sep 1, 2020 at 10:56 AM Dominick Grift <dominick.grift@defensec.nl> wrote: > > This causes issue with cross-compiling as the headers might not exist on the host > > Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> > --- > I was attempting to build a OpenWRT image with SELinux when I hit the above. The aforementioned headers did not exist on the host and instead were located in %{buildroot}/usr/lib > I managed to get around this issue by installing the headers on the host. > Eventually I was unable to build the image though as there was some "ld undefined symbol" issue when it tried to compile busybox with SELinux support. > I must have done something wrong. > > policycoreutils/newrole/Makefile | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile > index 73ebd413..f508e242 100644 > --- a/policycoreutils/newrole/Makefile > +++ b/policycoreutils/newrole/Makefile > @@ -5,8 +5,8 @@ BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > ETCDIR ?= /etc > LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale > -PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) > -AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > +PAMH ?= y > +AUDITH ?= y Maybe define an INCLUDEDIR as in some of the other Makefiles and use it instead of /usr/include, ala: INCLUDEDIR ?= $(PREFIX)/include PAMH ?= $(shell test -f $(INCLUDEDIR)/security/pam_appl.h && echo y) AUDITH ?= $(shell test -f $(INCLUDEDIR)/libaudit.h && echo y)
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile index 73ebd413..f508e242 100644 --- a/policycoreutils/newrole/Makefile +++ b/policycoreutils/newrole/Makefile @@ -5,8 +5,8 @@ BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man ETCDIR ?= /etc LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale -PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) -AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) +PAMH ?= y +AUDITH ?= y # Enable capabilities to permit newrole to generate audit records. # This will make newrole a setuid root program. # The capabilities used are: CAP_AUDIT_WRITE.
This causes issue with cross-compiling as the headers might not exist on the host Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> --- I was attempting to build a OpenWRT image with SELinux when I hit the above. The aforementioned headers did not exist on the host and instead were located in %{buildroot}/usr/lib I managed to get around this issue by installing the headers on the host. Eventually I was unable to build the image though as there was some "ld undefined symbol" issue when it tried to compile busybox with SELinux support. I must have done something wrong. policycoreutils/newrole/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)