Fix build compat with older libselinux for LXC

Most versions of libselinux do not contain the function selinux_lxc_contexts_path() that the security driver recently started using for LXC. We must add a conditional check for it in configure and then disable the LXC security driver for builds where libselinux lacks this function. * configure.ac: Check for selinux_lxc_contexts_path * src/security/security_selinux.c: Disable LXC security if selinux_lxc_contexts_path() is missing
2025-01-21 20:15:17 +00:00 · 2012-05-16 14:18:25 +01:00 · 2012-05-16 14:18:25 +01:00 · 7ba66ef285
commit 7ba66ef285
parent 51bcb09fe9
2 changed files with 17 additions and 3 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1360,6 +1360,7 @@ else
  fail=0
  AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
  AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
+  AC_CHECK_FUNCS([selinux_lxc_contexts_path])
  CFLAGS="$old_cflags"
  LIBS="$old_libs"

--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -127,6 +127,7 @@ err:
 }


+#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static int
 SELinuxLXCInitialize(virSecurityManagerPtr mgr)
 {
@ -189,6 +190,15 @@ error:
    VIR_FREE(data->content_context);
    return -1;
 }
+#else
+static int
+SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+{
+    virReportSystemError(ENOSYS, "%s",
+                         _("libselinux does not support LXC contexts path"));
+    return -1;
+}
+#endif


 static int
@ -443,9 +453,12 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
    if (!is_selinux_enabled())
        return SECURITY_DRIVER_DISABLE;

-    if (virtDriver && STREQ(virtDriver, "LXC") &&
-        !virFileExists(selinux_lxc_contexts_path()))
-        return SECURITY_DRIVER_DISABLE;
+    if (virtDriver && STREQ(virtDriver, "LXC")) {
+#if HAVE_SELINUX_LXC_CONTEXTS_PATH
+        if (!virFileExists(selinux_lxc_contexts_path()))
+#endif
+            return SECURITY_DRIVER_DISABLE;
+    }

    return SECURITY_DRIVER_ENABLE;
 }