469224 – sys-apps/net-tools should optionally support SELinux

Bug 469224 - sys-apps/net-tools should optionally support SELinux

Summary: sys-apps/net-tools should optionally support SELinux

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-05-09 20:36 UTC by Sven Vermeulen (RETIRED)
Modified:	2013-05-13 16:29 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Makefile fix to add -lselinux at end of compile statement (add-selinux-linking-at-end-bug-469224.patch,714 bytes, patch) 2013-05-10 16:39 UTC, Sven Vermeulen (RETIRED)	Details \| Diff
ebuild patch to enable SELinux support and apply beforementioned fix (net-tools-ebuild-patch-use-selinux.patch,1.04 KB, patch) 2013-05-10 16:43 UTC, Sven Vermeulen (RETIRED)	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Vermeulen (RETIRED) gentoo-dev

2013-05-09 20:36:46 UTC

Small update on the package includes SELinux support:

set_opt HAVE_SELINUX use selinux

However, I still had to do some tweaking to get it to link with libselinux properly:

"""
x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -lselinux -Llib -o rarp rarp.o -lnet-tools
netstat.o: In function `prg_cache_load':
netstat.c:(.text+0xa0c): undefined reference to `getpidcon'
netstat.c:(.text+0xa89): undefined reference to `freecon'
netstat.o: In function `main':
netstat.c:(.text+0x556d): undefined reference to `is_selinux_enabled'
collect2: ld returned 1 exit status
"""

Putting -lselinux before the LDFLAGS (for instance in the Makefile directly, where netstat is built:

"""
$(CC) -lselinux $(LDFLAGS) ...
"""

or prepend to LDFLAGS rather than append. Not sure though why this is important, I'll have to look into the details of ld for that first. Assigning to myself until I have a patch + reason ;)

Reproducible: Always

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2013-05-10 16:39:41 UTC

Created attachment 347942 [details, diff]
Makefile fix to add -lselinux at end of compile statement

This patch file fixes the Makefile in net-tools to use an EXTRALIBS variable (instead of LDFLAGS) to append -lselinux to. The $(EXTRALIBS) is used at the end of the $(CC) call (like is done with other linkage targets).

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2013-05-10 16:43:41 UTC

Created attachment 347944 [details, diff]
ebuild patch to enable SELinux support and apply beforementioned fix

This patch applies against the net-tools ebuild and enables SELinux support as well as applies the above mentioned patch against the Makefile.

Comment 3 SpanKY gentoo-dev

2013-05-11 04:49:27 UTC

Comment on attachment 347944 [details, diff]
ebuild patch to enable SELinux support and apply beforementioned fix

we're not applying patches to the source anymore

Comment 4 SpanKY gentoo-dev

2013-05-11 04:59:18 UTC

Comment on attachment 347942 [details, diff]
Makefile fix to add -lselinux at end of compile statement

i've committed these upstream instead:

http://sourceforge.net/p/net-tools/code/ci/4fa493927df676065fefabeee385ff10a3080cc7
http://sourceforge.net/p/net-tools/code/ci/266c1405a6c99fcfc4eba650eaf0061dd4939c25/

Comment 5 SpanKY gentoo-dev

2013-05-13 16:29:51 UTC

should be all set now in the tree; thanks for the report!

Commit message: Version bump w/cleaned up selinux support
http://sources.gentoo.org/sys-apps/net-tools/net-tools-1.60_p20130513023548.ebuild?rev=1.1
http://sources.gentoo.org/sys-apps/net-tools/net-tools-9999.ebuild?r1=1.3&r2=1.4