[DSE-Dev] Re: openssh packages with updated selinux patch
Manoj Srivastava
srivasta at debian.org
Tue Oct 24 05:19:59 UTC 2006
On Tue, 24 Oct 2006 06:36:34 +0200, Aurelien Jarno <aurelien at aurel32.net> said:
> Manoj Srivastava a écrit :
>> Hi,
>>
>> I have created openssh packages with updated SELinux patches, this
>> brings us in line with the new SELinux release. The patch is
>> recorded in Bug#394795. The packages are available at:
....
>> Please test these packages out. I would like to see the SELinux
>> updates enter Etch, and would be happy to do an NMU, if desired.
> With your patch, sshd is unconditionally linked with
> libselinux. This breaks debian-installer on architectures using ssh
> for the installation, and also non-Linux architectures.
No, it is not. The configure patch:
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+ [ --with-selinux[[=LIBSELINUX-PATH]] Enable SELinux support],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+ AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+ SELINUX_MSG="yes"
+ AC_CHECK_HEADERS(selinux.h)
+ LIBSELINUX="-lselinux"
+ fi
+ ])
+AC_SUBST(LIBSELINUX)
+
ensures that LIBSELINUX expands to -lselinux only on machines where
it is available, not otherwise.
Unless you are saying that the configure.ac patch is broken,
in which case please supply a log of the regenerated configure script
showing that it fails.
I have not run autoreconf prior to generating my patch, so
that the patch is not bloated with autoconf trivia.
manoj
--
Happiness is a hard disk.
Manoj Srivastava <srivasta at debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
More information about the SELinux-devel
mailing list