Bug#767760: busybox: Please build selinux support

To: Debian Bug Tracking System <767760@bugs.debian.org>
Subject: Bug#767760: busybox: Please build selinux support
From: Laurent Bigonville <bigon@debian.org>
Date: Thu, 13 Aug 2015 20:31:30 +0200
Message-id: <[🔎] 20150813183130.26639.31885.reportbug@fornost.bigon.be>
Reply-to: Laurent Bigonville <bigon@debian.org>, 767760@bugs.debian.org

Package: busybox
Followup-For: Bug #767760

Hi,

Please find here a patch to add SELinux support.

The patch is not disabling SELinux on !linux architectures, that should
be fixed before being pushed, but I'm not too sure how to do that with
the build system here.

Cheers,

Laurent Bigonville

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages busybox depends on:
ii  libc6        2.19-19
ii  libselinux1  2.3-2+b1
ii  libsepol1    2.4-1

busybox recommends no packages.

busybox suggests no packages.

-- no debconf information

diff -Nru busybox-1.22.0/debian/config/pkg/deb busybox-1.22.0/debian/config/pkg/deb
--- busybox-1.22.0/debian/config/pkg/deb	2014-03-01 11:41:03.000000000 +0100
+++ busybox-1.22.0/debian/config/pkg/deb	2015-08-06 01:46:50.000000000 +0200
@@ -46,7 +46,7 @@
 CONFIG_FEATURE_SUID=y
 CONFIG_FEATURE_SUID_CONFIG=y
 CONFIG_FEATURE_SUID_CONFIG_QUIET=y
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 CONFIG_FEATURE_PREFER_APPLETS=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
@@ -168,7 +168,7 @@
 CONFIG_FEATURE_TAR_TO_COMMAND=y
 CONFIG_FEATURE_TAR_UNAME_GNAME=y
 CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_FEATURE_TAR_SELINUX=y
 CONFIG_UNZIP=y
 
 #
@@ -951,21 +951,25 @@
 # CONFIG_ENVUIDGID is not set
 # CONFIG_ENVDIR is not set
 # CONFIG_SOFTLIMIT is not set
-# CONFIG_CHCON is not set
-# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
-# CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
-# CONFIG_RUNCON is not set
-# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
-# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
+
+#
+# SELinux Utilities
+#
+CONFIG_CHCON=y
+CONFIG_FEATURE_CHCON_LONG_OPTIONS=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
+CONFIG_LOAD_POLICY=y
+CONFIG_MATCHPATHCON=y
+CONFIG_RESTORECON=y
+CONFIG_RUNCON=y
+CONFIG_FEATURE_RUNCON_LONG_OPTIONS=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SETENFORCE=y
+CONFIG_SETFILES=y
+CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
+CONFIG_SETSEBOOL=y
+CONFIG_SESTATUS=y
 
 #
 # Shells
diff -Nru busybox-1.22.0/debian/config/pkg/static busybox-1.22.0/debian/config/pkg/static
--- busybox-1.22.0/debian/config/pkg/static	2014-03-01 11:41:03.000000000 +0100
+++ busybox-1.22.0/debian/config/pkg/static	2015-08-06 01:46:59.000000000 +0200
@@ -46,7 +46,7 @@
 CONFIG_FEATURE_SUID=y
 CONFIG_FEATURE_SUID_CONFIG=y
 CONFIG_FEATURE_SUID_CONFIG_QUIET=y
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 CONFIG_FEATURE_PREFER_APPLETS=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
@@ -168,7 +168,7 @@
 CONFIG_FEATURE_TAR_TO_COMMAND=y
 CONFIG_FEATURE_TAR_UNAME_GNAME=y
 CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_FEATURE_TAR_SELINUX=y
 CONFIG_UNZIP=y
 
 #
@@ -951,21 +951,25 @@
 # CONFIG_ENVUIDGID is not set
 # CONFIG_ENVDIR is not set
 # CONFIG_SOFTLIMIT is not set
-# CONFIG_CHCON is not set
-# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
-# CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
-# CONFIG_RUNCON is not set
-# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
-# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
+
+#
+# SELinux Utilities
+#
+CONFIG_CHCON=y
+CONFIG_FEATURE_CHCON_LONG_OPTIONS=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
+CONFIG_LOAD_POLICY=y
+CONFIG_MATCHPATHCON=y
+CONFIG_RESTORECON=y
+CONFIG_RUNCON=y
+CONFIG_FEATURE_RUNCON_LONG_OPTIONS=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SETENFORCE=y
+CONFIG_SETFILES=y
+CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
+CONFIG_SETSEBOOL=y
+CONFIG_SESTATUS=y
 
 #
 # Shells
diff -Nru busybox-1.22.0/debian/control busybox-1.22.0/debian/control
--- busybox-1.22.0/debian/control	2015-03-04 16:12:02.000000000 +0100
+++ busybox-1.22.0/debian/control	2015-08-13 20:07:47.000000000 +0200
@@ -9,6 +9,7 @@
 # glibc static-nss #754813, 2.19..2.19-11, -12 is ok. Depend on libc-dev-bin
 # as it is the package which is named the same on all architectures
  libc-dev-bin (>> 2.19-12~) | libc-dev-bin (<< 2.19),
+ libselinux1-dev [linux-any]
 Standards-Version: 3.9.5
 Vcs-Git: git://anonscm.debian.org/d-i/busybox.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=d-i/busybox.git
diff -Nru busybox-1.22.0/debian/patches/series busybox-1.22.0/debian/patches/series
--- busybox-1.22.0/debian/patches/series	2015-03-04 17:02:27.000000000 +0100
+++ busybox-1.22.0/debian/patches/series	2015-08-13 20:10:10.000000000 +0200
@@ -29,3 +29,4 @@
 update-deb-format-support.patch
 
 CVE-2014-9645.patch
+static-linking-selinux.patch
diff -Nru busybox-1.22.0/debian/patches/static-linking-selinux.patch busybox-1.22.0/debian/patches/static-linking-selinux.patch
--- busybox-1.22.0/debian/patches/static-linking-selinux.patch	1970-01-01 01:00:00.000000000 +0100
+++ busybox-1.22.0/debian/patches/static-linking-selinux.patch	2015-08-13 20:28:22.000000000 +0200
@@ -0,0 +1,15 @@
+Description: Newer versions of libselinux requires libpcre and pthread for static linking
+Author: Laurent Bigonville <bigon@debian.org>
+Forwarded: no
+
+--- a/Makefile.flags
++++ b/Makefile.flags
+@@ -143,7 +143,7 @@ LDLIBS += pam pam_misc pthread
+ endif
+ 
+ ifeq ($(CONFIG_SELINUX),y)
+-SELINUX_PC_MODULES = libselinux libsepol
++SELINUX_PC_MODULES = libselinux libsepol libpcre pthread
+ $(eval $(call pkg_check_modules,SELINUX,$(SELINUX_PC_MODULES)))
+ CPPFLAGS += $(SELINUX_CFLAGS)
+ LDLIBS += $(if $(SELINUX_LIBS),$(SELINUX_LIBS:-l%=%),$(SELINUX_PC_MODULES:lib%=%))

Reply to:

Prev by Date: Re: Please dak copy-installer 20150813 & hint it into testing
Next by Date: Processed: tagging 767760
Previous by thread: Bug#712907: grub-installer: No longer installs automatically on a normal machine with one hard drive
Next by thread: Processed: tagging 767760
Index(es):
- Date
- Thread