[PATCH v2 app-xdm 3/9] config: upgrade the checking for SELinux support

Alan Coopersmith alan.coopersmith at oracle.com
Wed Nov 24 13:31:57 PST 2010 

Gaetan Nadon wrote:
> Use "auto" rather than "try" for consistency with other modules.
> Update help string to mention default value.
> Unchanged: if configured --with-selinux and -lselinux is misisng,
> abort the configuration.
> 
> Change HAVE_SELINUX to USE_SELINUX to be consistent with
> USE_PAM, USE_XFT, USE_XPM and USE_XINERAMA.
> 
> Signed-off-by: Gaetan Nadon <memsize at videotron.ca>
> ---
>  configure.ac |   22 ++++++++++++----------
>  session.c    |   12 ++++++------
>  2 files changed, 18 insertions(+), 16 deletions(-)
> 
> diff --git a/configure.ac b/configure.ac
> index 268b0a8..baebeea 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -134,17 +134,19 @@ if test "x$USE_PAM" != "xno" ; then
>      )
>  fi
>  
> -use_selinux_default=no
> -# Check for selinux support
> -AC_ARG_WITH(selinux, AC_HELP_STRING([--with-selinux],[Add support for selinux]),
> -	[USE_SELINUX=$withval], [USE_SELINUX=$use_selinux_default])
> +# Check for Security-Enhanced Linux (SELinux) support
> +AC_ARG_WITH(selinux, AS_HELP_STRING([--with-selinux],
> +	[Add support for SELinux (default is no support)]),
> +	[USE_SELINUX=$withval], [USE_SELINUX=no])
>  if test "x$USE_SELINUX" != "xno" ; then
> -	AC_SEARCH_LIBS(is_selinux_enabled,[selinux])
> -	AC_CHECK_FUNC(is_selinux_enabled,
> -		[AC_DEFINE(HAVE_SELINUX,1,[Add support for selinux])],
> -		[if test "x$USE_SELINUX" != "xtry" ; then
> -			AC_MSG_ERROR(["selinux support requested, but is_selinux_enabled not found."])
> -		 fi])
> +    AC_SEARCH_LIBS(is_selinux_enabled, [selinux],
> +	[AC_CHECK_FUNC([is_selinux_enabled],
> +	    [AC_DEFINE(USE_SELINUX,1,[Use Security-Enhanced Linux (SELinux) support])]
> +	)],
> +	[AS_IF([test "x$USE_SELINUX" = "xyes"],
> +	    [AC_MSG_ERROR([SELinux support requested, but is_selinux_enabled not found.])]
> +	)]
> +    )
>  fi
>  
>  # FIXME: Find better test for which OS'es use su -m  - for now, just try to
> diff --git a/session.c b/session.c
> index bdafd0b..71e0954 100644
> --- a/session.c
> +++ b/session.c
> @@ -71,17 +71,17 @@ extern int key_setnet(struct key_netstarg *arg);
>  # include <prot.h>
>  #endif
>  
> -#ifdef HAVE_SELINUX
> +#ifdef USE_SELINUX
>  #include <selinux/selinux.h>
>  #include <selinux/get_context_list.h>
> -#endif /* HAVE_SELINUX */
> +#endif /* USE_SELINUX */
>  
>  # include <dlfcn.h>
>  # ifndef RTLD_NOW
>  #  define RTLD_NOW 1
>  # endif
>  
> -#ifdef HAVE_SELINUX
> +#ifdef USE_SELINUX
>  /* This should be run just before we exec the user session. */
>  static int
>  xdm_selinux_setup (const char *login)
> @@ -115,7 +115,7 @@ xdm_selinux_setup (const char *login)
>  	freecon (scontext);
>  	return TRUE;
>  }
> -#endif /* HAVE_SELINUX */
> +#endif /* USE_SELINUX */
>  
>  static	int	runAndWait (char **args, char **environ);
>  
> @@ -817,7 +817,7 @@ StartClient (
>  	    bzero(passwd, strlen(passwd));
>  
>  	SetUserAuthorization (d, verify);
> -#ifdef HAVE_SELINUX
> +#ifdef USE_SELINUX
>     /*
>      * For Security Enhanced Linux:
>      * set the default security context for this user.
> @@ -827,7 +827,7 @@ StartClient (
>         exit (UNMANAGE_DISPLAY);
>         return (0);
>     }
> -#endif /* HAVE_SELINUX */
> +#endif /* USE_SELINUX */
>  	home = getEnv (verify->userEnviron, "HOME");
>  	if (home)
>  	    if (chdir (home) == -1) {

Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>

-- 
	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System

More information about the xorg-devel mailing list