dbus ChangeLog,1.539,1.540 configure.in,1.91,1.92

Havoc Pennington hp at freedesktop.org
Thu Jul 29 22:59:36 PDT 2004 

Update of /cvs/dbus/dbus
In directory pdx:/tmp/cvs-serv30925

Modified Files:
	ChangeLog configure.in 
Log Message:
2004-07-24  Havoc Pennington  <hp at redhat.com>

	SELinux support from Matthew Rickard <mjricka at epoch.ncsc.mil>

	* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
	functionality

	* configure.in: add --enable-selinux
	
	* bus/policy.c (bus_policy_merge): add FIXME to a comment

	* bus/main.c (main): initialize and shut down selinux

	* bus/connection.c: store SELinux ID on each connection, to avoid 
	repeated getting of the string context and converting it into 
	an ID

	* bus/bus.c (bus_context_get_policy): new accessor, though it
	isn't used
	(bus_context_check_security_policy): check whether the security
	context of sender connection can send to the security context of
	recipient connection

	* bus/config-parser.c: add parsing for <selinux> and <associate>
	
	* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
	implement dbus_connection_get_unix_fd()

	* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
	function, used by the selinux stuff
	


Index: ChangeLog
===================================================================
RCS file: /cvs/dbus/dbus/ChangeLog,v
retrieving revision 1.539
retrieving revision 1.540
diff -u -d -r1.539 -r1.540
--- ChangeLog	29 Jul 2004 08:00:45 -0000	1.539
+++ ChangeLog	30 Jul 2004 05:59:33 -0000	1.540
@@ -1,3 +1,34 @@
+2004-07-24  Havoc Pennington  <hp at redhat.com>
+
+	SELinux support from Matthew Rickard <mjricka at epoch.ncsc.mil>
+
+	* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
+	functionality
+
+	* configure.in: add --enable-selinux
+	
+	* bus/policy.c (bus_policy_merge): add FIXME to a comment
+
+	* bus/main.c (main): initialize and shut down selinux
+
+	* bus/connection.c: store SELinux ID on each connection, to avoid 
+	repeated getting of the string context and converting it into 
+	an ID
+
+	* bus/bus.c (bus_context_get_policy): new accessor, though it
+	isn't used
+	(bus_context_check_security_policy): check whether the security
+	context of sender connection can send to the security context of
+	recipient connection
+
+	* bus/config-parser.c: add parsing for <selinux> and <associate>
+	
+	* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
+	implement dbus_connection_get_unix_fd()
+
+	* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
+	function, used by the selinux stuff
+	
 2004-07-29  Olivier Andrieu  <oliv__a at users.sourceforge.net>
 
 	* bus/config-loader-libxml.c: complete the implementation of

Index: configure.in
===================================================================
RCS file: /cvs/dbus/dbus/configure.in,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -d -r1.91 -r1.92
--- configure.in	29 Jul 2004 08:00:45 -0000	1.91
+++ configure.in	30 Jul 2004 05:59:33 -0000	1.92
@@ -38,7 +38,7 @@
 AC_ARG_ENABLE(mono,             [  --enable-mono         build mono bindings],enable_mono=$enableval,enable_mono=auto)
 AC_ARG_ENABLE(mono_docs,        [  --enable-mono-docs    build mono docs],enable_mono_docs=$enableval,enable_mono_docs=auto)
 AC_ARG_ENABLE(python,           [  --enable-python       build python bindings],enable_python=$enableval,enable_python=auto)
-
+AC_ARG_ENABLE(selinux,          [  --enable-selinux      build with SELinux support],enable_selinux=$enableval,enable_selinux=auto)
 
 AC_ARG_WITH(xml,                [  --with-xml=[libxml/expat]           XML library to use])
 AC_ARG_WITH(init-scripts,       [  --with-init-scripts=[redhat]        Style of init scripts to install])
@@ -690,6 +690,40 @@
    XML_CFLAGS=$LIBXML_CFLAGS
 fi
 
+# SELinux detection
+if test x$enable_selinux = xno ; then
+    have_selinux=no;
+else
+    # See if we have SELinux library
+    AC_CHECK_LIB(selinux, is_selinux_enabled, 
+                 have_selinux=yes, have_selinux=no)
+
+    # see if we have the SELinux header with the new D-BUS stuff in it
+    if test x$have_selinux = xyes ; then
+        AC_EGREP_HEADER(DBUS__ACQUIRE_SVC, av_permissions.h,
+                        have_selinux=yes, have_selinux=no)
+    fi
+
+    if test x$enable_selinux = xauto ; then
+        if test x$have_selinux = xno ; then
+                AC_MSG_WARN([Sufficiently new SELinux library not found])
+        fi
+    else 
+        if test x$have_selinux = xno ; then
+                AC_MSG_ERROR([SElinux explicitly required, and SELinux library not found])
+        fi
+    fi
+fi
+
+AM_CONDITIONAL(HAVE_SELINUX, test x$have_selinux = xyes)
+
+if test x$have_selinux = xyes ; then
+    SELINUX_LIBS=-lselinux
+    AC_DEFINE(HAVE_SELINUX,1,[SELinux support])
+else
+    SELINUX_LIBS=
+fi
+
 #### Set up final flags
 DBUS_CLIENT_CFLAGS=
 DBUS_CLIENT_LIBS=
@@ -697,7 +731,7 @@
 AC_SUBST(DBUS_CLIENT_LIBS)
 
 DBUS_BUS_CFLAGS=$XML_CFLAGS
-DBUS_BUS_LIBS=$XML_LIBS
+DBUS_BUS_LIBS="$XML_LIBS $SELINUX_LIBS"
 AC_SUBST(DBUS_BUS_CFLAGS)
 AC_SUBST(DBUS_BUS_LIBS)
 
@@ -1076,7 +1110,6 @@
 
 AM_CONDITIONAL(HAVE_PYTHON, test x$have_python = xyes)
 
-
 AC_OUTPUT([
 Doxyfile
 dbus/dbus-arch-deps.h
@@ -1167,6 +1200,7 @@
         Building Qt bindings:     ${have_qt}
         Building GLib bindings:   ${have_glib}
         Building Python bindings: ${have_python}
+        Building SELinux support: ${have_selinux}
 	Building Mono bindings:	  ${enable_mono}
 	Building Mono docs:	  ${enable_mono_docs}
         Building GTK+ tools:      ${have_gtk}

More information about the dbus-commit mailing list