Commit Graph

109 Commits

Author SHA1 Message Date
Carlos O'Donell
0699f766b1 nscd: Make SELinux checks dynamic.
The SELinux team has indicated to me that glibc's SELinux checks
in nscd are not being carried out as they would expect the API
to be used today. They would like to move away from static header
defines for class and permissions and instead use dynamic checks
at runtime that provide an answer which is dependent on the runtime
status of SELinux i.e. more dynamic.

The following patch is a minimal change that moves us forward in
this direction.

It does the following:

* Stop checking for SELinux headers that define NSCD__SHMEMHOST.
  Check only for the presence or absence of the library.

* Don't encode the specific SELinux permission constants into a
  table at build time, and instead use the symbolic name for the
  permission as expected.

* Lookup the "What do we do if we don't know this permission?"
  policy and use that if we find SELinux's policy is older than
  the glibc policy e.g. we make a request for a permission that
  SELinux doesn't know about.

* Lastly, translate the class and permission and then make
  the permission check. This is done every time we lookup
  a permission, and this is the expected way to use the API.
  SELinux will optimize this for us, and we expect the network
  latencies to hide these extra library calls.

Tested on x86, x86-64, and via Fedora Rawhide since November 2013.

See:
https://sourceware.org/ml/libc-alpha/2014-04/msg00179.html
2014-04-14 04:10:39 -04:00
Adhemerval Zanella
7ffa942302 PowerPC: define _CALL_ELF if compiler does not
This patch makes the configure adds -D_CALL_ELF=1 when compiler does
not define _CALL_ELF (versions before powerpc64le support).  It cleans
up compiler warnings on old compiler where _CALL_ELF is not defined
on powerpc64(be) builds.

It does by add a new config.make variable for configure-deduced
CPPFLAGS and accumulate into that (confix-extra-cppflags).  It also
generalizes libc_extra_cflags so it accumulates in sysdeps configure
fragmenets.
2014-04-06 16:48:08 -05:00
Mike Frysinger
43ca83ecc4 stop supporting bash-1.x
We've stopped supporting toolchain packages older than 2009, so punting
bash-1.x is reasonable when bash-2 was released almost 20 years ago.
2014-03-13 20:20:12 -04:00
Mike Frysinger
c66e48b4a7 delete ksh checks
Nothing in the tree uses ksh anymore, so punt these checks.
2014-03-13 20:03:31 -04:00
Roland McGrath
44c4e5d598 Use __ehdr_start, when available, for rtld to get its own headers. 2014-03-13 10:38:27 -07:00
Allan McRae
9e8ac24ba3 Set AUTOCONF variable when maintainer-mode is not used
Fixes build issue introduced in 8894bad3 when configure.ac is altered
and maintainer-mode is not enabled.
2013-12-16 21:45:27 +10:00
Allan McRae
8894bad34c Add --enable-maintainer-mode configure option
Autoconf is tested for and run if needed only when --enable-maintainer-mode
is used on configure.  This results in the autom4te.cache directory only
being written in the source directory during configure if automatic
autoconf usage is requested.

Fixes BZ #14120.
2013-12-16 11:26:49 +10:00
Marc-Antoine Perennou
28d708c44b Accept make versions 4.0 and greater 2013-10-31 12:38:36 +10:00
Mike Frysinger
cb8a6dbd17 rename configure.in to configure.ac
Autoconf has been deprecating configure.in for quite a long time.
Rename all our configure.in and preconfigure.in files to .ac.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2013-10-30 17:32:08 +10:00