From: "Daniel P. Berrange" <berrange(a)redhat.com>
Most versions of libselinux do not contain the function
selinux_lxc_contexts_path() that the security driver
recently started using for LXC. We must add a conditional
check for it in configure and then disable the LXC security
driver for builds where libselinux lacks this function.
NB although this qualifies as a build breaker fix, I'm
not pushing until it has had review
* configure.ac: Check for selinux_lxc_contexts_path
* src/security/security_selinux.c: Disable LXC security
if selinux_lxc_contexts_path() is missing
---
configure.ac | 1 +
src/security/security_selinux.c | 19 ++++++++++++++++---
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9c356c9..d666736 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1360,6 +1360,7 @@ else
fail=0
AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
+ AC_CHECK_FUNCS([selinux_lxc_contexts_path])
CFLAGS="$old_cflags"
LIBS="$old_libs"
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b0bb0a0..2b8ff19 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -127,6 +127,7 @@ err:
}
+#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
static int
SELinuxLXCInitialize(virSecurityManagerPtr mgr)
{
@@ -189,6 +190,15 @@ error:
VIR_FREE(data->content_context);
return -1;
}
+#else
+static int
+SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("libselinux does not support LXC contexts path"));
+ return -1;
+}
+#endif
static int
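Review bot: The `#else` stub of SELinuxLXCInitialize has no comment saying when it can actually run. On builds without selinux_lxc_contexts_path() the SELinuxSecurityDriverProbe hunk further down already returns SECURITY_DRIVER_DISABLE for LXC, so the stub is presumably reached only when initialization is invoked without consulting the probe result; that is inferred, since the callers are not part of this patch. I would add above it `/* libselinux lacks selinux_lxc_contexts_path(): LXC labelling is unavailable in this build, so initialization always fails */`. The real function's body starts and mostly lies outside this hunk.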
@@ -443,9 +453,12 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
if (!is_selinux_enabled())
return SECURITY_DRIVER_DISABLE;
- if (virtDriver && STREQ(virtDriver, "LXC") &&
- !virFileExists(selinux_lxc_contexts_path()))
- return SECURITY_DRIVER_DISABLE;
+ if (virtDriver && STREQ(virtDriver, "LXC")) {
+#if HAVE_SELINUX_LXC_CONTEXTS_PATH
+ if (!virFileExists(selinux_lxc_contexts_path()))
+#endif
+ return SECURITY_DRIVER_DISABLE;
+ }
return SECURITY_DRIVER_ENABLE;
}
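Review bot: On builds where HAVE_SELINUX_LXC_CONTEXTS_PATH is unset, the LXC branch of SELinuxSecurityDriverProbe returns SECURITY_DRIVER_DISABLE unconditionally and without any message, so on an SELinux-enabled host the containers would presumably run without SELinux labelling and nothing tells the administrator why. A comment on the bare return, e.g. `/* libselinux too old for LXC contexts: SELinux driver disabled for LXC */`, together with a warning-level log line at that point, would make the downgrade visible. The guard here is also written `#if HAVE_SELINUX_LXC_CONTEXTS_PATH` while the one around SELinuxLXCInitialize uses `#ifdef`; using `#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH` in both places avoids an undefined-macro warning under -Wundef. Leaving an `if` without its statement inside the `#if` is easy to misread, and giving each preprocessor branch its own `return SECURITY_DRIVER_DISABLE;` would be clearer.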
--
1.7.7.6