apparmor: add support for *-musl. #711
Closed
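--- a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
+++ b/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
@@ -0,0 +1,49 @@
+Source: Alpine Linux
+Upstream: Unknown
+Reason: Fixes compilation with musl libc
+---
+
+diff --git a/parser/missingdefs.h b/parser/missingdefs.h
+new file mode 100644
+index 0000000..8097aef
+--- /dev/null
++++ b/parser/missingdefs.h
+@@ -0,0 +1,8 @@
++#ifndef PARSER_MISSINGDEFS_H
++#define PARSER_MISSINGDEFS_H
++
++typedef int (*__compar_fn_t) (const void *, const void *);
++typedef __compar_fn_t comparison_fn_t;
++typedef void (*__free_fn_t) (void *__nodep);
++
++#endif
+diff --git a/parser/parser_alias.c b/parser/parser_alias.c
+index f5b6da4..d57f580 100644
+--- a/parser/parser_alias.c
++++ b/parser/parser_alias.c
+@@ -25,6 +25,10 @@
+#include "parser.h"
+#include "profile.h"
+
++#ifndef __GLIBC__
++#include "missingdefs.h"
++#endif
++
+struct alias_rule {
+char *from;
+char *to;
+diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c
+index 3e667d8..e109f4d 100644
+--- a/parser/parser_symtab.c
++++ b/parser/parser_symtab.c
+@@ -25,6 +25,10 @@
+#include "immunix.h"
+#include "parser.h"
+
++#ifndef __GLIBC__
++#include "missingdefs.h"
++#endif
++
+enum var_type {
+sd_boolean,
+sd_set,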
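Review bot: The new `parser/missingdefs.h` defines `__compar_fn_t` and `__free_fn_t`, names in the namespace reserved for the C implementation, and both parser files include it for every libc that does not define `__GLIBC__`. A non-glibc libc that later provides either typedef with a different signature would break the build, so a configure-time type check would be a more precise guard than `#ifndef __GLIBC__`. The header should at least carry a comment such as `/* glibc-private callback typedefs used by the parser's tsearch/tdestroy call sites; only needed where libc does not provide them */`; the call sites are outside the hunk, so confirm which functions use them. The patch header also says `Upstream: Unknown`, and recording the exact Alpine commit it came from would make this patch to a policy compiler easier to re-audit.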
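--- a/srcpkgs/apparmor/patches/add-secure_getenv-scandirat.patch
+++ b/srcpkgs/apparmor/patches/add-secure_getenv-scandirat.patch
@@ -0,0 +1,186 @@
+Source: Alpine Linux
+Upstream: Unknown
+Reason: Fixes compilation with musl libc
+---
+
+diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
+index 479ba6d..979ed91 100644
+--- a/libraries/libapparmor/configure.ac
++++ b/libraries/libapparmor/configure.ac
+@@ -81,7 +81,7 @@ AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
+AC_HEADER_STDC
+AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
+
+-AC_CHECK_FUNCS([asprintf __secure_getenv secure_getenv])
++AC_CHECK_FUNCS([asprintf __secure_getenv secure_getenv scandirat reallocarray])
+
+AM_PROG_CC_C_O
+AC_C_CONST
+diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
+index b9721fd..ed91a3c 100644
+--- a/libraries/libapparmor/src/Makefile.am
++++ b/libraries/libapparmor/src/Makefile.am
+@@ -46,9 +46,9 @@ af_protos.h: /usr/include/netinet/in.h
+LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
+
+lib_LTLIBRARIES = libapparmor.la
+-noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
++noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h secure_getenv.h scandirat.h private.h PMurHash.c
+
+-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c private.c features.c kernel_interface.c policy_cache.c PMurHash.c
++libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c secure_getenv.c scandirat.c private.c features.c kernel_interface.c policy_cache.c PMurHash.c
+libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
+-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
+
+diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
+index bece09d..dd0e815 100644
+--- a/libraries/libapparmor/src/private.c
++++ b/libraries/libapparmor/src/private.c
+@@ -39,10 +39,26 @@
+#ifdef HAVE___SECURE_GETENV
+#define secure_getenv __secure_getenv
+#else
+- #error neither secure_getenv nor __secure_getenv is available
++ #include "secure_getenv.h"
+#endif
+#endif
+
++#ifndef HAVE_SCANDIRAT
++#include "scandirat.h"
++#endif
++
++
++/*
++ * Allow libapparmor to build on older glibcs and other libcs that do
++ * not support reallocarray.
++ */
++#ifndef HAVE_REALLOCARRY
++void *reallocarray(void *ptr, size_t nmemb, size_t size)
++{
++ return realloc(ptr, nmemb * size);
++}
++#endif
++
+struct ignored_suffix_t {
+const char * text;
+int len;
+diff --git a/libraries/libapparmor/src/scandirat.c b/libraries/libapparmor/src/scandirat.c
+new file mode 100644
+index 0000000..c293014
+--- /dev/null
++++ b/libraries/libapparmor/src/scandirat.c
+@@ -0,0 +1,62 @@
++#include <dirent.h>
++#include <string.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <inttypes.h>
++#include <errno.h>
++
++#include "scandirat.h"
++
++#ifndef HAVE_SCANDIRAT
++
++int scandirat(int dir_fd, const char *dirp, struct dirent ***namelist,
++ int (*filter)(const struct dirent *),
++ int (*compar)(const struct dirent **, const struct dirent **))
++{
++ int fd;
++ DIR *d;
++ struct dirent *de, **names=0, **tmp;
++ size_t cnt=0, len=0;
++ int old_errno = errno;
++
++
++ fd = openat(dir_fd, dirp, O_RDONLY|O_CLOEXEC);
++ if (fd == -1) return -1;
++
++ d = fdopendir(fd);
++
++ if (!d) {
++ close(fd);
++ return -1;
++ }
++
++ while ((errno=0), (de = readdir(d))) {
++ if (filter && !filter(de)) continue;
++ if (cnt >= len) {
++ len = 2*len+1;
++ if (len > SIZE_MAX/sizeof *names) break;
++ tmp = realloc(names, len * sizeof *names);
++ if (!tmp) break;
++ names = tmp;
++ }
++ names[cnt] = malloc(de->d_reclen);
++ if (!names[cnt]) break;
++ memcpy(names[cnt++], de, de->d_reclen);
++ }
++
++ closedir(d);
++
++ if (errno) {
++ if (names) while (cnt-->0) free(names[cnt]);
++ free(names);
++ return -1;
++ }
++ errno = old_errno;
++
++ if (compar) qsort(names, cnt, sizeof *names, (int (*)(const void *, const void *))compar);
++ *namelist = names;
++ return cnt;
++}
++
++#endif
+diff --git a/libraries/libapparmor/src/scandirat.h b/libraries/libapparmor/src/scandirat.h
+new file mode 100644
+index 0000000..a1c5dfe
+--- /dev/null
++++ b/libraries/libapparmor/src/scandirat.h
+@@ -0,0 +1,12 @@
++#ifndef LIBAPPARMOR_SCANDIRAT_H
++#define LIBAPPARMOR_SCANDIRAT_H
++
++#include <dirent.h>
++
++#ifndef HAVE_SCANDIRAT
++int scandirat(int dir_fd, const char *dirp, struct dirent ***namelist,
++ int (*filter)(const struct dirent *),
++ int (*compar)(const struct dirent **, const struct dirent **));
++#endif
++
++#endif
+diff --git a/libraries/libapparmor/src/secure_getenv.c b/libraries/libapparmor/src/secure_getenv.c
+new file mode 100644
+index 0000000..f6894cd
+--- /dev/null
++++ b/libraries/libapparmor/src/secure_getenv.c
+@@ -0,0 +1,14 @@
++#include <stdlib.h>
++#include <sys/auxv.h>
++
++#include "secure_getenv.h"
++
++#ifndef HAVE_SECURE_GETENV
++char *secure_getenv(const char *name)
++{
++ if (!getauxval(AT_SECURE)) {
++ return getenv(name);
++ }
++ return NULL;
++}
++#endif
+diff --git a/libraries/libapparmor/src/secure_getenv.h b/libraries/libapparmor/src/secure_getenv.h
+new file mode 100644
+index 0000000..b6269a8
+--- /dev/null
++++ b/libraries/libapparmor/src/secure_getenv.h
+@@ -0,0 +1,8 @@
++#ifndef LIBAPPARMOR_SECURE_GETENV_H
++#define LIBAPPARMOR_SECURE_GETENV_H
++
++#ifndef HAVE_SECURE_GETENV
++char *secure_getenv(const char *name);
++#endif
++
++#endif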
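Review bot: The `reallocarray` fallback added to libraries/libapparmor/src/private.c is guarded by `#ifndef HAVE_REALLOCARRY`, but the configure.ac hunk checks for `reallocarray`, so the macro autoconf defines is `HAVE_REALLOCARRAY`; the guard is always true and the fallback is compiled even where libc already provides the function. The fallback body is `realloc(ptr, nmemb * size)` with no overflow check, which drops the one guarantee callers rely on reallocarray for: a wrapped product returns an undersized buffer that later writes can run past. Correct the macro spelling and reject a product that would wrap, as in the fence below (`SIZE_MAX` and `errno` need `<stdint.h>` and `<errno.h>`; private.c's include list is outside the hunk). Separately, the Makefile.am hunk replaces `PMurHash.h` with `PMurHash.c` in `noinst_HEADERS`, which looks unintended. Also, secure_getenv.c tests `HAVE_SECURE_GETENV` with no visible include of the generated config header, so confirm the macro actually reaches that file.

```c
#ifndef HAVE_REALLOCARRAY
void *reallocarray(void *ptr, size_t nmemb, size_t size)
{
	/* Refuse a product that would wrap instead of under-allocating. */
	if (size != 0 && nmemb > SIZE_MAX / size) {
		errno = ENOMEM;
		return NULL;
	}
	return realloc(ptr, nmemb * size);
}
#endif
```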
Is there a reason to remove the option instead of just defaulting it to on?