build: allow older libselinux again

* configure.ac (with_selinux): Check for <selinux/label.h>. * src/security/security_selinux.c (getContext): New function. (SELinuxRestoreSecurityFileLabel): Use it to restore compilation when using older libselinux.
2025-01-22 04:25:18 +00:00 · 2010-12-14 17:07:52 -07:00 · 2010-12-14 17:07:52 -07:00 · 8e2b26db94
commit 8e2b26db94
parent 8837d3c7de
2 changed files with 26 additions and 6 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1023,6 +1023,9 @@ fi
 if test "$with_selinux" = "yes"; then
  SELINUX_LIBS="-lselinux"
  AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether basic SELinux functionality is available])
+  dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
+  dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
+  AC_CHECK_HEADERS([selinux/label.h])
 fi
 AM_CONDITIONAL([HAVE_SELINUX], [test "$with_selinux" != "no"])
 AC_SUBST([SELINUX_CFLAGS])
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -14,11 +14,13 @@
 */
 #include <config.h>
 #include <selinux/selinux.h>
-#include <selinux/label.h>
 #include <selinux/context.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#if HAVE_SELINUX_LABEL_H
+# include <selinux/label.h>
+#endif

 #include "security_driver.h"
 #include "security_selinux.h"
@ -355,6 +357,25 @@ SELinuxSetFilecon(const char *path, char *tcon)
    return 0;
 }

+/* Set fcon to the appropriate label for path and mode, or return -1.  */
+static int
+getContext(const char *newpath, mode_t mode, security_context_t *fcon)
+{
+#if HAVE_SELINUX_LABEL_H
+    struct selabel_handle *handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+    int ret;
+
+    if (handle == NULL)
+        return -1;
+
+    ret = selabel_lookup(handle, fcon, newpath, mode);
+    selabel_close(handle);
+    return ret;
+#else
+    return matchpathcon(newpath, mode, fcon);
+#endif
+}
+

 /* This method shouldn't raise errors, since they'll overwrite
 * errors that the caller(s) are already dealing with */
@ -363,7 +384,6 @@ SELinuxRestoreSecurityFileLabel(const char *path)
 {
    struct stat buf;
    security_context_t fcon = NULL;
-    struct selabel_handle *handle = NULL;
    int rc = -1;
    char *newpath = NULL;
    char ebuf[1024];
@ -382,16 +402,13 @@ SELinuxRestoreSecurityFileLabel(const char *path)
        goto err;
    }

-    if ((handle = selabel_open(SELABEL_CTX_FILE, NULL, 0)) == NULL ||
-        selabel_lookup(handle, &fcon, newpath, buf.st_mode) < 0) {
+    if (getContext(newpath, buf.st_mode, &fcon) < 0) {
        VIR_WARN("cannot lookup default selinux label for %s", newpath);
    } else {
        rc = SELinuxSetFilecon(newpath, fcon);
    }

 err:
-    if (handle)
-        selabel_close(handle);
    freecon(fcon);
    VIR_FREE(newpath);
    return rc;