diff options
| author | Laszlo Szekeres <inbox@lszekeres.com> | 2016-03-04 20:33:06 -0500 |
|---|---|---|
| committer | Laszlo Szekeres <inbox@lszekeres.com> | 2016-03-05 19:11:33 -0500 |
| commit | 45d8a085662f7689c0b6978cf2e33845f6095000 (patch) | |
| tree | abc0a627026a33ccbf6e2bfa58613edd8969debf /autoconf | |
| parent | f244db54bfc37f5cc1d831f54c74e818e69bd28c (diff) | |
| download | klee-45d8a085662f7689c0b6978cf2e33845f6095000.tar.gz | |
Fix SELinux signatures in runtime
The SELinux function signatures have changed between version 2.2 and 2.3. In particular, the type of the "security context" parameter was changed from char * to const char *, with the following patch: SELinuxProject/selinux@9eb9c9327563014ad6a807814e7975424642d5b9. Recent Linux distributions (e.g. Ubuntu 15.10) ship with the updated version of libselinux. This change makes the SELinux runtime compatible with the newer versions of the library by replacing security_context_t with its original char * definition and defining it as const only if the installed library does so. Whether the system uses const char * types is detected with the configure script. Fixes klee/klee#303.
Diffstat (limited to 'autoconf')
| -rw-r--r-- | autoconf/configure.ac | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/autoconf/configure.ac b/autoconf/configure.ac index bb391329..01c2c809 100644 --- a/autoconf/configure.ac +++ b/autoconf/configure.ac @@ -534,12 +534,31 @@ if test "x${have_cap}" = xno; then capability checking support for klee-replay.]) fi -AC_LANG_POP([C]) - AC_CHECK_HEADERS([selinux/selinux.h], AC_SUBST(HAVE_SELINUX, 1), AC_SUBST(HAVE_SELINUX, 0)) +if test "$HAVE_SELINUX" = "1"; then + # Test what function signature we need to use for SELinux. The signatures + # have changed between 2.2 and 2.3. In particular, the type of the "security + # context" parameter was changed from char * to const char *, with this + # patch: [PATCH] Get rid of security_context_t and fix const declarations. + # [http://www.spinics.net/lists/selinux/msg14827.html] + AC_CACHE_CHECK([for selinux security context type constness], + [klee_cv_sel_ctx_const], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[ +#include <selinux/selinux.h> +int setcon(char *context);]])], + [klee_cv_sel_ctx_const=''], + [klee_cv_sel_ctx_const='const'])]) + AC_DEFINE_UNQUOTED([KLEE_SELINUX_CTX_CONST], [$klee_cv_sel_ctx_const], + [Define to empty or 'const' depending on how SELinux qualifies its + security context parameters.]) +fi + +AC_LANG_POP([C]) + dnl ************************************************************************** dnl Test for features dnl ************************************************************************** |