[libvirt] build failure on ubuntu
I haven't looked into this closely yet, but Daniel's security refactoring broke the Ubuntu 'make check' build when apparmor is enabled: CC secaatest.o secaatest.c: In function 'main': secaatest.c:18: error: implicit declaration of function 'virSecurityDriverStartup' [-Wimplicit-function-declaration] -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
2011/1/14 Eric Blake <eblake@redhat.com>:
I haven't looked into this closely yet, but Daniel's security refactoring broke the Ubuntu 'make check' build when apparmor is enabled:
CC secaatest.o secaatest.c: In function 'main': secaatest.c:18: error: implicit declaration of function 'virSecurityDriverStartup' [-Wimplicit-function-declaration]
As part of Dan's security driver refactoring (commit d6623003) he also updated seclabeltest.c as this one was meant for the SELinux security driver. secaatest.c was meant for the AppArmor driver that probably isn't enabled on his computer, so he didn't notice the problem here. We can use seclabeltest.c as an example how to update secaatest.c too. The problem here is that virSecurityDriverStartup(&security_drv, "selinux", false); got replaced by virSecurityManagerNew(NULL, false); in seclabeltest.c. This means that the old test explicitly tested the SELinux driver, the new test just picks the first available and enabled driver. Using virSecurityManagerNew("apparmor", false); fails for me because it tests if AppArmor is properly configured for libvirt, that's not the case on my system. Therefore, secaatest still fails for me. As seclabeltest and secaatest only test for a non-NULL model and DOI string, I wonder if we should just remove secaatest and make seclabeltest unconditional as we have a dummy security driver in place now, when SELinux and AppArmor are disabled. Matthias
On 01/14/2011 02:56 AM, Matthias Bolte wrote:
2011/1/14 Eric Blake <eblake@redhat.com>:
I haven't looked into this closely yet, but Daniel's security refactoring broke the Ubuntu 'make check' build when apparmor is enabled:
CC secaatest.o secaatest.c: In function 'main': secaatest.c:18: error: implicit declaration of function 'virSecurityDriverStartup' [-Wimplicit-function-declaration]
As part of Dan's security driver refactoring (commit d6623003) he also updated seclabeltest.c as this one was meant for the SELinux security driver. secaatest.c was meant for the AppArmor driver that probably isn't enabled on his computer, so he didn't notice the problem here.
In fact, SELinux and AppArmor appear to be mutually exclusive; I don't know of any distro that provides both security approaches side-by-side for installation on the same system.
As seclabeltest and secaatest only test for a non-NULL model and DOI string, I wonder if we should just remove secaatest and make seclabeltest unconditional as we have a dummy security driver in place now, when SELinux and AppArmor are disabled.
Anything we can do to break the test dependency on having a particular security system already in place seems good to me. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
participants (2)
-
Eric Blake -
Matthias Bolte