Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [PATCH] [STABLE] Makefile change to disable restorecond
From: Joshua Brindle <method_at_manicmethod.com>
Date: Wed, 12 Dec 2007 11:02:01 -0500
>> Stephen Smalley wrote: >> >>> On Tue, 2007-12-11 at 15:13 -0500, Joshua Brindle wrote: >>> >>> >>>> Joshua Brindle wrote: >>>> >>>> >>>>> This patch is necessary to build stable on RHEL4. CLIP uses the >>>>> current stable toolchain and supports RHEL4 as a target so we are >>>>> trying to upstream any magic that is necessary to build on that platform. >>>>> >>>>> >>>>> >>>> Ignore last patch, this one is actually against stable :) >>>> >>>> >>> What about just checking for the presence of /usr/include/sys/inotify.h >>> and disabling restorecond in its absence, similar to handling of PAMH >>> and AUDITH in newrole's Makefile? Then that could go into trunk too. >>> >>> >> The next problem is that libselinux won't build on RHEL4 without >> building the .lo files with --ftls-model=initial-exec. Do you have an >> opinion on how to switch this on/off for building there? >> > > We already have a TLSFLAGS definition for the .o files, so I suppose we > could have two definitions, one for the .o files and one for the .lo > files, and put them in the Makefile, and then you'd just build with make > SHARED_TLSFLAGS="-ftlsmodel=initial-exec" or whatever for RHEL4. > > Or the other alternative would be to make the use of TLS completely a > build-time option, which would help for distributions where it isn't > supported at all. That shouldn't be too difficult; Manoj posted a patch > he was using for Debian a long time ago. > Ok, I see http://marc.info/?l=selinux&m=115807948020898&w=2 This makes TLS unnecessary at all though, right? I have no problem with this as TLS makes me fairly uneasy anyway. Are you comfortable with Manoj's patch? I didn't see any discussion of it at all on list after he sent it.. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 12 Dec 2007 - 11:02:37 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |