authorAlon Bar-Lev <alon.barlev@gmail.com>2012-02-29 22:12:05 +0200
committerDavid Sommerseth <davids@redhat.com>2012-03-22 22:17:27 +0100
commitcd5990e0e0da1621b9c2d9ca927ff8d1af3c241a (patch)
tree3b8875339f3846a1a28bbe2416e7a4a7af05a9c6 /src
parentcab53332e11b9a447883da0c95552c453f760f0b (diff)
build: proper selinux detection and usage
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/openvpn/Makefile.am1
-rw-r--r--src/openvpn/init.c4
-rw-r--r--src/openvpn/options.c6
-rw-r--r--src/openvpn/options.h2
-rw-r--r--src/openvpn/syshead.h2
5 files changed, 8 insertions, 7 deletions
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index 86abd09..a3f8b3a 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -97,6 +97,7 @@ openvpn_SOURCES = \
cryptoapi.h cryptoapi.c
openvpn_LDADD = \
$(SOCKETS_LIBS) \
+ $(OPTIONAL_SELINUX_LIBS) \
$(OPTIONAL_DL_LIBS)
if WIN32
openvpn_SOURCES += openvpn_win32_resources.rc
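Review bot: `$(OPTIONAL_SELINUX_LIBS)` is consumed in `openvpn_LDADD`, but nothing in this diff (the diffstat is limited to `src`) shows where it is substituted, so the configure side needs checking alongside this hunk. If ENABLE_SELINUX can be defined while the variable expands to nothing, the SELinux code guarded in init.c would presumably fail at link time. If instead a missing libselinux quietly leaves ENABLE_SELINUX undefined, the binary is built without the confinement step and with no build-time signal. The same dependency applies to the `#include <selinux/selinux.h>` guard in syshead.h, which no longer rests on a per-function feature test. A comment above `openvpn_LDADD`, such as `# OPTIONAL_SELINUX_LIBS: set by configure only when SELinux support is enabled and libselinux was found`, would document the contract.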
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index b8f57b2..0c995ff 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1038,7 +1038,7 @@ do_uid_gid_chroot (struct context *c, bool no_delay)
mstats_open(c->options.memstats_fn);
#endif
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
/* Apply a SELinux context in order to restrict what OpenVPN can do
* to _only_ what it is supposed to do after initialization is complete
* (basically just network I/O operations). Doing it after chroot
@@ -2465,7 +2465,7 @@ do_option_warnings (struct context *c)
msg (M_WARN, "WARNING: --ping should normally be used with --ping-restart or --ping-exit");
if (o->username || o->groupname || o->chroot_dir
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
|| o->selinux_context
#endif
)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d7f848e..4e95b83 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -316,7 +316,7 @@ static const char usage_message[] =
"--user user : Set UID to user after initialization.\n"
"--group group : Set GID to group after initialization.\n"
"--chroot dir : Chroot to this directory after initialization.\n"
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
"--setcon context: Apply this SELinux context after initialization.\n"
#endif
"--cd dir : Change to this directory before initialization.\n"
@@ -1477,7 +1477,7 @@ show_settings (const struct options *o)
SHOW_STR (groupname);
SHOW_STR (chroot_dir);
SHOW_STR (cd_dir);
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
SHOW_STR (selinux_context);
#endif
SHOW_STR (writepid);
@@ -4525,7 +4525,7 @@ add_option (struct options *options,
}
options->cd_dir = p[1];
}
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
else if (streq (p[0], "setcon") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
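Review bot: With ENABLE_SELINUX undefined, the `setcon` branch at this point in add_option is compiled out, and what then happens to a configuration that still carries `setcon` is decided by code outside this hunk. It should be confirmed that such a line is rejected as an unrecognized option rather than skipped, since a daemon that starts without the requested context keeps running in whatever context it was launched with. The usage_message and show_settings hunks in this file hide the option under the same macro, so an operator gets no other hint that the build lacks support. A comment on the guard would record the intent, for example `/* without ENABLE_SELINUX, --setcon must fail as an unknown option, never be ignored */`. add_option begins and ends outside the hunk.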
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 6af4b3a..57b88b7 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -310,7 +310,7 @@ struct options
const char *groupname;
const char *chroot_dir;
const char *cd_dir;
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
char *selinux_context;
#endif
const char *writepid;
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 1ad81d8..cac4757 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -176,7 +176,7 @@
#include <sys/epoll.h>
#endif
-#ifdef HAVE_SETCON
+#ifdef ENABLE_SELINUX
#include <selinux/selinux.h>
#endif