libselinux: update to 3.2

* Merge inc file into bb file. * Drop obsolete patches: 0001-libselinux-do-not-define-gettid-for-musl.patch libselinux-define-FD_CLOEXEC-as-necessary.patch libselinux-make-O_CLOEXEC-optional.patch libselinux-make-SOCK_CLOEXEC-optional.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Yi Zhao <yi.zhao@windriver.com> 2021-03-13 13:50:31 +0800
committer: Joe MacDonald <joe@deserted.net> 2021-03-17 09:39:50 -0400
commit: b78b413a24cf97f5ebda73bcf36fcb15ffbe1abf (patch)
tree: a94331d8e45daadf00799dabee73a0c6f6ce2c66
parent: d10900fc87b7ac7758b15b275659b8a6e1042397 (diff)
download: meta-selinux-b78b413a24cf97f5ebda73bcf36fcb15ffbe1abf.tar.gz
6 files changed, 6 insertions, 235 deletions
diff --git a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
deleted file mode 100644
index 5d6e409..0000000
--- a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 5f6f4a095bc82b29c3871d4d8a15d9c16cef39ef Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Wed, 6 Jan 2021 10:42:11 +0800
-Subject: [PATCH] libselinux: do not define gettid() for musl
-The musl has implemented gettid() function:
-http://git.musl-libc.org/cgit/musl/commit/?id=d49cf07541bb54a5ac7aec1feec8514db33db8ea
-Fixes:
-procattr.c:38:14: error: static declaration of 'gettid' follows non-static declaration
-   38 | static pid_t gettid(void)
-      |              ^~~~~~
-In file included from procattr.c:2:
-/build/tmp/work/core2-32-poky-linux-musl/libselinux/3.1-r0/recipe-sysroot/usr/include/unistd.h:194:7:
-note: previous declaration of 'gettid' was here
-   194 | pid_t gettid(void);
-       |       ^~~~~~
-Upstream-Status: Pending
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- src/procattr.c | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-diff --git a/src/procattr.c b/src/procattr.c
-index 926ee54..519e515 100644
--- a/src/procattr.c
-+++ b/src/procattr.c
-@@ -24,13 +24,7 @@ static __thread char destructor_initialized;
- 
- /* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
-  * has a definition for it */
-#ifdef __BIONIC__
-  #define OVERRIDE_GETTID 0
-#elif !defined(__GLIBC_PREREQ)
-  #define OVERRIDE_GETTID 1
-#elif !__GLIBC_PREREQ(2,30)
-  #define OVERRIDE_GETTID 1
-#else
-+#if !defined(__GLIBC_)
-   #define OVERRIDE_GETTID 0
- #endif
- 
-- 
-2.17.1
diff --git a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch b/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
deleted file mode 100644
index 25d4b24..0000000
--- a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d0aaf391ab30b253aa22ef6547a039bcac840fc6 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdonald@windriver.com>
-Date: Tue, 15 Oct 2013 10:14:41 -0400
-Subject: [PATCH] libselinux: define FD_CLOEXEC as necessary
-In truly old systems, even FD_CLOEXEC may not be defined.  Produce a
-warning and duplicate the #define for FD_CLOEXEC found in
-asm-generic/fcntl.h on more modern platforms.
-Upstream-Status: Inappropriate
-Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
---
- src/setrans_client.c | 5 +++++
- 1 file changed, 5 insertions(+)
-diff --git a/src/setrans_client.c b/src/setrans_client.c
-index fa188a8..a94f02c 100644
--- a/src/setrans_client.c
-+++ b/src/setrans_client.c
-@@ -39,6 +39,11 @@ static pthread_key_t destructor_key;
- static int destructor_key_initialized = 0;
- static __thread char destructor_initialized;
- 
-+#ifndef FD_CLOEXEC
-+#warning FD_CLOEXEC undefined on this platform, this may leak file descriptors
-+#define FD_CLOEXEC 1
-+#endif
-+
- /*
-  * setransd_open
-  *
diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
deleted file mode 100644
index 1d6f3a7..0000000
--- a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 802d224953294463fa9bc793e46f664ecfea057a Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdonald@windriver.com>
-Date: Fri, 11 Oct 2013 09:56:25 -0400
-Subject: [PATCH] libselinux: make O_CLOEXEC optional
-Various commits in the selinux tree in the current release added O_CLOEXEC
-to open() calls in an attempt to address file descriptor leaks as
-described:
-   http://danwalsh.livejournal.com/53603.html
-However O_CLOEXEC isn't available on all platforms, so make it a
-compile-time option and generate a warning when it is not available.  The
-actual impact of leaking these file descriptors is minimal, though it does
-produce curious AVC Denied messages.
-Upstream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
-Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- src/procattr.c  | 16 ++++++++++++++--
- src/sestatus.c  |  8 +++++++-
- src/stringrep.c |  8 +++++++-
- 3 files changed, 28 insertions(+), 4 deletions(-)
-diff --git a/src/procattr.c b/src/procattr.c
-index 48dd8af..8bf8432 100644
--- a/src/procattr.c
-+++ b/src/procattr.c
-@@ -79,7 +79,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
-                rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
-                if (rc < 0)
-                        return -1;
-               fd = open(path, flags | O_CLOEXEC);
-+               fd = open(path, flags
-+#ifdef O_CLOEXEC
-+                         | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+                       );
-                if (fd >= 0 || errno != ENOENT)
-                        goto out;
-                free(path);
-@@ -92,7 +98,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
-        if (rc < 0)
-                return -1;
- 
-       fd = open(path, flags | O_CLOEXEC);
-+       fd = open(path, flags
-+#ifdef O_CLOEXEC
-+                 | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+               );
- out:
-        free(path);
-        return fd;
-diff --git a/src/sestatus.c b/src/sestatus.c
-index ed29dc5..0cb15b6 100644
--- a/src/sestatus.c
-+++ b/src/sestatus.c
-@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
-                return -1;
- 
-        snprintf(path, sizeof(path), "%s/status", selinux_mnt);
-       fd = open(path, O_RDONLY | O_CLOEXEC);
-+       fd = open(path, O_RDONLY
-+#ifdef O_CLOEXEC
-+             | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+             );
-        if (fd < 0)
-                goto error;
- 
-diff --git a/src/stringrep.c b/src/stringrep.c
-index 2d83f96..17e9232 100644
--- a/src/stringrep.c
-+++ b/src/stringrep.c
-@@ -105,7 +105,13 @@ static struct discover_class_node * discover_class(const char *s)
-                struct stat m;
- 
-                snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
-               fd = open(path, O_RDONLY | O_CLOEXEC);
-+               fd = open(path, O_RDONLY
-+#ifdef O_CLOEXEC
-+                | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+                );
-                if (fd < 0)
-                        goto err4;
- 
diff --git a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
deleted file mode 100644
index 77a9136..0000000
--- a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From e630805d15a3b8d09330353f87a7e4a9fcc9998a Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdonald@windriver.com>
-Date: Tue, 15 Oct 2013 10:07:43 -0400
-Subject: [PATCH] libselinux: make SOCK_CLOEXEC optional
-libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC
-before using it, however libselinux/src/avc_internal.c does not.  Since
-SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older
-platforms, we need to ensure we protect the references it it in the same
-way.
-Upstream-Status: Inappropriate
-Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
---
- src/avc_internal.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-diff --git a/src/avc_internal.c b/src/avc_internal.c
-index 49cecc9..148cc83 100644
--- a/src/avc_internal.c
-+++ b/src/avc_internal.c
-@@ -60,7 +60,13 @@ int avc_netlink_open(int blocking)
-        int len, rc = 0;
-        struct sockaddr_nl addr;
- 
-       fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
-+       fd = socket(PF_NETLINK, SOCK_RAW
-+#ifdef SOCK_CLOEXEC
-+               | SOCK_CLOEXEC
-+#else
-+#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+               , NETLINK_SELINUX);
-        if (fd < 0) {
-                rc = fd;
-                goto out;
diff --git a/recipes-security/selinux/libselinux_3.1.bb b/recipes-security/selinux/libselinux_3.1.bb
deleted file mode 100644
index 9d1cda5..0000000
--- a/recipes-security/selinux/libselinux_3.1.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
-SRC_URI[sha256sum] = "ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
-SRC_URI += "\
-        file://libselinux-make-O_CLOEXEC-optional.patch \
-        file://libselinux-make-SOCK_CLOEXEC-optional.patch \
-        file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
-        "
-SRC_URI_append_libc-musl = " \
-        file://0001-libselinux-do-not-define-gettid-for-musl.patch \
-        "
diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux_3.2.bb
index fe8c087..5acd576 100644
--- a/recipes-security/selinux/libselinux.inc
+++ b/recipes-security/selinux/libselinux_3.2.bb
@@ -4,20 +4,25 @@ process and file security contexts and to obtain security policy \
 decisions.  Required for any applications that use the SELinux API."
 SECTION = "base"
 LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
+require selinux_common.inc
 inherit lib_package python3native
 DEPENDS += "libsepol libpcre"
 DEPENDS_append_libc-musl = " fts"
+S = "${WORKDIR}/git/libselinux"
 def get_policyconfigarch(d):
    import re
    target = d.getVar('TARGET_ARCH')
    p = re.compile('i.86')
    target = p.sub('i386',target)
    return "ARCH=%s" % (target)
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
+EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
 EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
 EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
author	Yi Zhao <yi.zhao@windriver.com>	2021-03-13 13:50:31 +0800
committer	Joe MacDonald <joe@deserted.net>	2021-03-17 09:39:50 -0400
commit	b78b413a24cf97f5ebda73bcf36fcb15ffbe1abf (patch)
tree	a94331d8e45daadf00799dabee73a0c6f6ce2c66
parent	d10900fc87b7ac7758b15b275659b8a6e1042397 (diff)
download	meta-selinux-b78b413a24cf97f5ebda73bcf36fcb15ffbe1abf.tar.gz

diff --git a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch deleted file mode 100644 index 5d6e409..0000000 --- a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch +++ /dev/null
@@ -1,47 +0,0 @@
1	From 5f6f4a095bc82b29c3871d4d8a15d9c16cef39ef Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Wed, 6 Jan 2021 10:42:11 +0800
4	Subject: [PATCH] libselinux: do not define gettid() for musl
5
6	The musl has implemented gettid() function:
7	http://git.musl-libc.org/cgit/musl/commit/?id=d49cf07541bb54a5ac7aec1feec8514db33db8ea
8
9	Fixes:
10	procattr.c:38:14: error: static declaration of 'gettid' follows non-static declaration
11	38 \| static pid_t gettid(void)
12	\| ^~~~~~
13	In file included from procattr.c:2:
14	/build/tmp/work/core2-32-poky-linux-musl/libselinux/3.1-r0/recipe-sysroot/usr/include/unistd.h:194:7:
15	note: previous declaration of 'gettid' was here
16	194 \| pid_t gettid(void);
17	\| ^~~~~~
18
19	Upstream-Status: Pending
20
21	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
22	---
23	src/procattr.c \| 8 +-------
24	1 file changed, 1 insertion(+), 7 deletions(-)
25
26	diff --git a/src/procattr.c b/src/procattr.c
27	index 926ee54..519e515 100644
28	--- a/src/procattr.c
29	+++ b/src/procattr.c
30	@@ -24,13 +24,7 @@ static __thread char destructor_initialized;
31
32	/* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
33	* has a definition for it */
34	-#ifdef __BIONIC__
35	- #define OVERRIDE_GETTID 0
36	-#elif !defined(__GLIBC_PREREQ)
37	- #define OVERRIDE_GETTID 1
38	-#elif !__GLIBC_PREREQ(2,30)
39	- #define OVERRIDE_GETTID 1
40	-#else
41	+#if !defined(__GLIBC_)
42	#define OVERRIDE_GETTID 0
43	#endif
44
45	--
46	2.17.1
47


diff --git a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch b/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch deleted file mode 100644 index 25d4b24..0000000 --- a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch +++ /dev/null
@@ -1,33 +0,0 @@
1	From d0aaf391ab30b253aa22ef6547a039bcac840fc6 Mon Sep 17 00:00:00 2001
2	From: Joe MacDonald <joe.macdonald@windriver.com>
3	Date: Tue, 15 Oct 2013 10:14:41 -0400
4	Subject: [PATCH] libselinux: define FD_CLOEXEC as necessary
5
6	In truly old systems, even FD_CLOEXEC may not be defined. Produce a
7	warning and duplicate the #define for FD_CLOEXEC found in
8	asm-generic/fcntl.h on more modern platforms.
9
10	Upstream-Status: Inappropriate
11
12	Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
13
14	---
15	src/setrans_client.c \| 5 +++++
16	1 file changed, 5 insertions(+)
17
18	diff --git a/src/setrans_client.c b/src/setrans_client.c
19	index fa188a8..a94f02c 100644
20	--- a/src/setrans_client.c
21	+++ b/src/setrans_client.c
22	@@ -39,6 +39,11 @@ static pthread_key_t destructor_key;
23	static int destructor_key_initialized = 0;
24	static __thread char destructor_initialized;
25
26	+#ifndef FD_CLOEXEC
27	+#warning FD_CLOEXEC undefined on this platform, this may leak file descriptors
28	+#define FD_CLOEXEC 1
29	+#endif
30	+
31	/*
32	* setransd_open
33	*


diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch deleted file mode 100644 index 1d6f3a7..0000000 --- a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch +++ /dev/null
@@ -1,99 +0,0 @@
1	From 802d224953294463fa9bc793e46f664ecfea057a Mon Sep 17 00:00:00 2001
2	From: Joe MacDonald <joe.macdonald@windriver.com>
3	Date: Fri, 11 Oct 2013 09:56:25 -0400
4	Subject: [PATCH] libselinux: make O_CLOEXEC optional
5
6	Various commits in the selinux tree in the current release added O_CLOEXEC
7	to open() calls in an attempt to address file descriptor leaks as
8	described:
9
10	http://danwalsh.livejournal.com/53603.html
11
12	However O_CLOEXEC isn't available on all platforms, so make it a
13	compile-time option and generate a warning when it is not available. The
14	actual impact of leaking these file descriptors is minimal, though it does
15	produce curious AVC Denied messages.
16
17	Upstream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
18
19	Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
20	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
21
22	---
23	src/procattr.c \| 16 ++++++++++++++--
24	src/sestatus.c \| 8 +++++++-
25	src/stringrep.c \| 8 +++++++-
26	3 files changed, 28 insertions(+), 4 deletions(-)
27
28	diff --git a/src/procattr.c b/src/procattr.c
29	index 48dd8af..8bf8432 100644
30	--- a/src/procattr.c
31	+++ b/src/procattr.c
32	@@ -79,7 +79,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
33	rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
34	if (rc < 0)
35	return -1;
36	- fd = open(path, flags \| O_CLOEXEC);
37	+ fd = open(path, flags
38	+#ifdef O_CLOEXEC
39	+ \| O_CLOEXEC
40	+#else
41	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
42	+#endif
43	+ );
44	if (fd >= 0 \|\| errno != ENOENT)
45	goto out;
46	free(path);
47	@@ -92,7 +98,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
48	if (rc < 0)
49	return -1;
50
51	- fd = open(path, flags \| O_CLOEXEC);
52	+ fd = open(path, flags
53	+#ifdef O_CLOEXEC
54	+ \| O_CLOEXEC
55	+#else
56	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
57	+#endif
58	+ );
59	out:
60	free(path);
61	return fd;
62	diff --git a/src/sestatus.c b/src/sestatus.c
63	index ed29dc5..0cb15b6 100644
64	--- a/src/sestatus.c
65	+++ b/src/sestatus.c
66	@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
67	return -1;
68
69	snprintf(path, sizeof(path), "%s/status", selinux_mnt);
70	- fd = open(path, O_RDONLY \| O_CLOEXEC);
71	+ fd = open(path, O_RDONLY
72	+#ifdef O_CLOEXEC
73	+ \| O_CLOEXEC
74	+#else
75	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
76	+#endif
77	+ );
78	if (fd < 0)
79	goto error;
80
81	diff --git a/src/stringrep.c b/src/stringrep.c
82	index 2d83f96..17e9232 100644
83	--- a/src/stringrep.c
84	+++ b/src/stringrep.c
85	@@ -105,7 +105,13 @@ static struct discover_class_node * discover_class(const char *s)
86	struct stat m;
87
88	snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
89	- fd = open(path, O_RDONLY \| O_CLOEXEC);
90	+ fd = open(path, O_RDONLY
91	+#ifdef O_CLOEXEC
92	+ \| O_CLOEXEC
93	+#else
94	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
95	+#endif
96	+ );
97	if (fd < 0)
98	goto err4;
99


diff --git a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch deleted file mode 100644 index 77a9136..0000000 --- a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch +++ /dev/null
@@ -1,38 +0,0 @@
1	From e630805d15a3b8d09330353f87a7e4a9fcc9998a Mon Sep 17 00:00:00 2001
2	From: Joe MacDonald <joe.macdonald@windriver.com>
3	Date: Tue, 15 Oct 2013 10:07:43 -0400
4	Subject: [PATCH] libselinux: make SOCK_CLOEXEC optional
5
6	libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC
7	before using it, however libselinux/src/avc_internal.c does not. Since
8	SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older
9	platforms, we need to ensure we protect the references it it in the same
10	way.
11
12	Upstream-Status: Inappropriate
13
14	Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
15
16	---
17	src/avc_internal.c \| 8 +++++++-
18	1 file changed, 7 insertions(+), 1 deletion(-)
19
20	diff --git a/src/avc_internal.c b/src/avc_internal.c
21	index 49cecc9..148cc83 100644
22	--- a/src/avc_internal.c
23	+++ b/src/avc_internal.c
24	@@ -60,7 +60,13 @@ int avc_netlink_open(int blocking)
25	int len, rc = 0;
26	struct sockaddr_nl addr;
27
28	- fd = socket(PF_NETLINK, SOCK_RAW \| SOCK_CLOEXEC, NETLINK_SELINUX);
29	+ fd = socket(PF_NETLINK, SOCK_RAW
30	+#ifdef SOCK_CLOEXEC
31	+ \| SOCK_CLOEXEC
32	+#else
33	+#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors
34	+#endif
35	+ , NETLINK_SELINUX);
36	if (fd < 0) {
37	rc = fd;
38	goto out;


diff --git a/recipes-security/selinux/libselinux_3.1.bb b/recipes-security/selinux/libselinux_3.1.bb deleted file mode 100644 index 9d1cda5..0000000 --- a/recipes-security/selinux/libselinux_3.1.bb +++ /dev/null
@@ -1,17 +0,0 @@
1	require selinux_20200710.inc
2	require ${BPN}.inc
3
4	LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
5
6	SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
7	SRC_URI[sha256sum] = "ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
8
9	SRC_URI += "\
10	file://libselinux-make-O_CLOEXEC-optional.patch \
11	file://libselinux-make-SOCK_CLOEXEC-optional.patch \
12	file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
13	"
14
15	SRC_URI_append_libc-musl = " \
16	file://0001-libselinux-do-not-define-gettid-for-musl.patch \
17	"


diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux_3.2.bb index fe8c087..5acd576 100644 --- a/recipes-security/selinux/libselinux.inc +++ b/recipes-security/selinux/libselinux_3.2.bb
@@ -4,20 +4,25 @@ process and file security contexts and to obtain security policy \
4	decisions. Required for any applications that use the SELinux API."	4	decisions. Required for any applications that use the SELinux API."
5	SECTION = "base"	5	SECTION = "base"
6	LICENSE = "PD"	6	LICENSE = "PD"
		7	LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
		8
		9	require selinux_common.inc
7		10
8	inherit lib_package python3native	11	inherit lib_package python3native
9		12
10	DEPENDS += "libsepol libpcre"	13	DEPENDS += "libsepol libpcre"
11	DEPENDS_append_libc-musl = " fts"	14	DEPENDS_append_libc-musl = " fts"
12		15
		16	S = "${WORKDIR}/git/libselinux"
		17
13	def get_policyconfigarch(d):	18	def get_policyconfigarch(d):
14	import re	19	import re
15	target = d.getVar('TARGET_ARCH')	20	target = d.getVar('TARGET_ARCH')
16	p = re.compile('i.86')	21	p = re.compile('i.86')
17	target = p.sub('i386',target)	22	target = p.sub('i386',target)
18	return "ARCH=%s" % (target)	23	return "ARCH=%s" % (target)
19	EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
20		24
		25	EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
21	EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"	26	EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
22	EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"	27	EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
23		28