From 4a3564fe85b15fc463b0b579bd12c6e7cf54eb73 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Mon, 19 Nov 2012 23:06:21 +0200 Subject: [PATCH] Bugfixes. * configure.ac: Avoid linking against -lacl when --without-posix-acls is given. * tests/selacl01.at: Call restorecon * tests/selnx01.at: Likewise. * tests/testsuite.at (AT_SELINUX_UTILS_PREREQ): Likewise. (AT_SELINUX_PREREQ,AT_ACLS_PREREQ): Use the right _PREREQ macros. --- configure.ac | 42 +++++++++++++++++++++++------------------- tests/selacl01.at | 1 + tests/selnx01.at | 1 + tests/testsuite.at | 5 +++-- 4 files changed, 28 insertions(+), 21 deletions(-) diff --git a/configure.ac b/configure.ac index 3e501a8..8225031 100644 --- a/configure.ac +++ b/configure.ac @@ -70,6 +70,29 @@ if test $diff_cv_st_fstype_string = yes; then [Define if struct stat has a char st_fstype[] member.]) fi +# even if we use gnulib's acl.h with integrated m4 file later on (used because +# of very useful file_has_acl() function) we need following checks that restrict +# tar to use POSIX.1e ACLs only. +AC_ARG_WITH([posix-acls], + AS_HELP_STRING([--without-posix-acls], + [do not use POSIX.1e access control lists]), + [with_posix_acls=no]) +if test "x$with_posix_acls" != "xno"; then + AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acl=no]) + AC_SEARCH_LIBS([acl_get_file], [acl pacl],, [with_posix_acl=no]) + AC_SEARCH_LIBS([acl_get_fd], [acl pacl],, [with_posix_acl=no]) + AC_SEARCH_LIBS([acl_set_file], [acl pacl],, [with_posix_acl=no]) + AC_SEARCH_LIBS([acl_set_fd], [acl pacl],, [with_posix_acl=no]) + AC_SEARCH_LIBS([acl_to_text], [acl pacl],, [with_posix_acl=no]) + AC_SEARCH_LIBS([acl_from_text], [acl pacl],, [with_posix_acl=no]) + if test "x$with_posix_acls" != xno; then + AC_DEFINE(HAVE_POSIX_ACLS,,[Define when we have working POSIX acls]) + fi +else + # disable acls in gnulib's checks + export enable_acl=no +fi + AC_TYPE_SIGNAL AC_TYPE_MODE_T AC_TYPE_PID_T @@ -94,25 +117,6 @@ TAR_HEADERS_ATTR_XATTR_H AC_CHECK_FUNCS_ONCE([fchmod fchown fsync lstat mkfifo readlink symlink]) -# we use gnulib's acl.h - because of very useful file_has_acl() function. M4 -# file from gnulib/acl does a quite good job of course. The problem is that -# this function works on wide list of platforms and we need to restrict tar to -# use POSIX.1e ACLs only. -AC_ARG_WITH([posix-acls], - AS_HELP_STRING([--without-posix-acls], - [do not use POSIX.1e access control lists]), - [with_posix_acls=no]) -AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acl=no]) -AC_SEARCH_LIBS([acl_get_file], [acl pacl],, [with_posix_acl=no]) -AC_SEARCH_LIBS([acl_get_fd], [acl pacl],, [with_posix_acl=no]) -AC_SEARCH_LIBS([acl_set_file], [acl pacl],, [with_posix_acl=no]) -AC_SEARCH_LIBS([acl_set_fd], [acl pacl],, [with_posix_acl=no]) -AC_SEARCH_LIBS([acl_to_text], [acl pacl],, [with_posix_acl=no]) -AC_SEARCH_LIBS([acl_from_text], [acl pacl],, [with_posix_acl=no]) -if test "x$with_posix_acls" != xno; then - AC_DEFINE(HAVE_POSIX_ACLS,,[Define when we have working POSIX acls]) -fi - AC_CHECK_DECLS([getgrgid],,, [#include ]) AC_CHECK_DECLS([getpwuid],,, [#include ]) AC_CHECK_DECLS([time],,, [#include ]) diff --git a/tests/selacl01.at b/tests/selacl01.at index 60f106b..90d0c5b 100644 --- a/tests/selacl01.at +++ b/tests/selacl01.at @@ -36,6 +36,7 @@ MINOR=$( stat /dev/urandom --printf="%T" ) mknod dir/chartype c $MAJOR $MINOR # setup attributes +restorecon -R dir chcon -h --user=system_u dir/fifo chcon -h --user=system_u dir/chartype setfacl -m u:$UID:--- dir/fifo diff --git a/tests/selnx01.at b/tests/selnx01.at index 13a208a..79f7267 100644 --- a/tests/selnx01.at +++ b/tests/selnx01.at @@ -33,6 +33,7 @@ ln -s file dir/link getfattr -h -d -msecurity.selinux dir dir/file dir/link > start +restorecon -R dir chcon -h --user=system_u dir chcon -h --user=unconfined_u dir/file chcon -h --user=system_u dir/link diff --git a/tests/testsuite.at b/tests/testsuite.at index 08266c9..d8ee991 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -132,6 +132,7 @@ m4_define([AT_XATTRS_UTILS_PREREQ],[ ]) m4_define([AT_SELINUX_UTILS_PREREQ],[ file=$( mktemp -p . ) + AT_CHECK_UTIL(restorecon $file, 0) AT_CHECK_UTIL(chcon -h --user=unconfined_u $file,0) rm -rf $file ]) @@ -158,7 +159,7 @@ m4_define([AT_XATTRS_PREREQ],[ fi ]) m4_define([AT_SELINUX_PREREQ],[ - AT_XATTRS_UTILS_PREREQ + AT_SELINUX_UTILS_PREREQ file=$( mktemp -p . ) err=$( tar --selinux -cf /dev/null $file 2>&1 >/dev/null | wc -l ) if test "$err" != "0"; then @@ -166,7 +167,7 @@ m4_define([AT_SELINUX_PREREQ],[ fi ]) m4_define([AT_ACLS_PREREQ],[ - AT_XATTRS_UTILS_PREREQ + AT_ACLS_UTILS_PREREQ file=$( mktemp -p . ) setfacl -m u:$UID:rwx $file err=$( tar --acls -cf /dev/null $file 2>&1 >/dev/null | wc -l ) -- 2.45.2