[Pkg-shadow-devel] [PATCH 11/11] newuidmap, newgidmap: New suid helpers for using subordinate uids and gids

[Serge E. Hallyn]

Quoting Eric W. Biederman (ebiederm at xmission.com):
> "Serge E. Hallyn" <serge at hallyn.com> writes:
> 
> > Note you need the following bit on top of your patch to make newuidmap
> > and newgidmap link against libselinux.  Otherwise selinux-enabled builds
> > (default in ubuntu) fail.
> 
> Interesting.  I can't imagine what brings in libselinux.  But I am in
> favor of whatever works.

FWIW, it came in through libshadow (presumably shadowio.c which
includes commonio, which calls set_selinux_file_context).  Oh,
I also see newuidmap.c #including subordinateio which includes
commonio.

libtool: link: gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -Wl,-Bsymbolic-functions -Wl,-z -Wl,relro -o newgidmap newgidmap.o  ../libmisc/libmisc.a ../lib/.libs/libshadow.a
../lib/.libs/libshadow.a(selinux.o): In function `set_selinux_file_context':
/build/buildd/shadow-4.1.5.1/lib/selinux.c:64: undefined reference to `matchpathcon'
/build/buildd/shadow-4.1.5.1/lib/selinux.c:70: undefined reference to `setfscreatecon'
/build/buildd/shadow-4.1.5.1/lib/selinux.c:75: undefined reference to `freecon'
/build/buildd/shadow-4.1.5.1/lib/selinux.c:58: undefined reference to `is_selinux_enabled'
/build/buildd/shadow-4.1.5.1/lib/selinux.c:65: undefined reference to `security_getenforce'
/build/buildd/shadow-4.1.5.1/lib/selinux.c:71: undefined reference to `security_getenforce'
../lib/.libs/libshadow.a(selinux.o): In function `reset_selinux_file_context':
/build/buildd/shadow-4.1.5.1/lib/selinux.c:94: undefined reference to `setfscreatecon'
/build/buildd/shadow-4.1.5.1/lib/selinux.c:90: undefined reference to `is_selinux_enabled'
collect2: error: ld returned 1 exit status