[PATCH 1/6] libsepol: update to version 3.8.1
Dominick Grift
dominick.grift at defensec.nl
Fri Mar 28 09:34:14 PDT 2025
Daniel Golle <daniel at makrotopia.org> writes:
> Hi Dominick,
Hi, I had that too. Use a clean tree. Worked for me.
root@OpenWrt:~# for i in sepol libselinux; do apk info $i ; done
WARNING: opening from cache https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/packages/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/base/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/luci/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/packages/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/routing/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/telephony/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/video/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/packages/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/base/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/luci/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/packages/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/routing/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/telephony/packages.adb: No such file or directory
WARNING: opening from cache https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/video/packages.adb: No such file or directory
libselinux-3.8.1-r1 description:
libselinux is the runtime SELinux library that provides interfaces (e.g. library functions for the SELinux kernel APIs like getcon(), other support functions like getseuserbyname()) to SELinux-aware applications. libselinux may use the shared libsepol to manipulate the binary policy if necessary (e.g. to downgrade the policy format to an older version supported by the kernel) when loading policy.
libselinux-3.8.1-r1 webpage:
http://selinuxproject.org/page/Main_Page
libselinux-3.8.1-r1 installed size:
200 KiB
root@OpenWrt:~#
>
> On Fri, Mar 28, 2025 at 03:28:06PM +0100, Dominick Grift wrote:
>> ...
>> diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile
>> index b1a34d293e..e9072d01ea 100644
>> --- a/package/libs/libsepol/Makefile
>> +++ b/package/libs/libsepol/Makefile
>> @@ -6,12 +6,12 @@
>> include $(TOPDIR)/rules.mk
>>
>> PKG_NAME:=libsepol
>> -PKG_VERSION:=3.5
>> +PKG_VERSION:=3.8.1
>> PKG_RELEASE:=1
>>
>> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
>> PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
>> -PKG_HASH:=78fdaf69924db780bac78546e43d9c44074bad798c2c415d0b9bb96d065ee8a2
>> +PKG_HASH:=0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
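Review bot: At `PKG_VERSION:=3.8.1` the bump from 3.5 gives no hint that the host build needs a clean tree, and the quoted log shows why it matters: `assertion.c` is compiled with `-I/usr/src/openwrt/staging_dir/hostpkg/include` ahead of `-I../include`, so headers already staged under `hostpkg/include/sepol/policydb/` are resolved before the ones shipped in the new tarball, and the compile stops on `AVTAB_XPERMS_NLMSG`, `RULE_NOTSELF` and the conflicting `check_assertion` prototype. Consider stating in the commit message that the host package has to be rebuilt from a clean state, or arranging for the host build to prefer the in-tree `../include` over the staging include path.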
>
> somehow this fails to build for me on Arch Linux (gcc (GCC) 14.2.1 20250207)
>
> make[2]: Entering directory '/usr/src/openwrt/package/libs/libsepol'
> . /usr/src/openwrt/include/shell.sh;
> /usr/src/openwrt/staging_dir/host/bin/libdeflate-gzip -dc
> /usr/src/openwrt/dl/libsepol-3.8.1.tar.gz | tar -C
> /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/.. -xf -
> [ ! -d ./src/ ] || cp -fpR ./src/* /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1
> touch
> /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/.prepared373c40fbd50048c5dd856777f1d054e4_6664517399ebbbc92a37c5bb081b5c53
> (cd /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/; if [ -x
> configure ]; then cp -fpR /usr/src/openwrt/scripts/config.{guess,sub}
> /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1// && CC="ccache
> /usr/src/openwrt/staging_dir/host/bin/gcc" CFLAGS="-O2
> -I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include"
> CXX="ccache /usr/src/openwrt/staging_dir/host/bin/g++"
> CPPFLAGS="-I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include"
> CXXFLAGS="-O2 -I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include"
> LDFLAGS="-L/usr/src/openwrt/staging_dir/host/lib
> -L/usr/src/openwrt/staging_dir/hostpkg/lib
> -L/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/lib"
> CONFIG_SHELL="/usr/bin/env bash" bash ./configure
> --target=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu
> --build=x86_64-pc-linux-gnu --disable-dependency-tracking
> --program-prefix="" --program-suffix=""
> --prefix=/usr/src/openwrt/staging_dir/hostpkg
> --exec-prefix=/usr/src/openwrt/staging_dir/hostpkg
> --sysconfdir=/usr/src/openwrt/staging_dir/hostpkg/etc
> --localstatedir=/usr/src/openwrt/staging_dir/hostpkg/var
> --sbindir=/usr/src/openwrt/staging_dir/hostpkg/bin ; fi )
> touch /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/.configured
> CFLAGS="-O2 -I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include"
> CPPFLAGS="-I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include"
> CXXFLAGS="-O2 -I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include"
> LDFLAGS="-L/usr/src/openwrt/staging_dir/host/lib
> -L/usr/src/openwrt/staging_dir/hostpkg/lib
> -L/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/lib"
> make -j1 -C
> /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/. PREFIX=/usr/src/openwrt/staging_dir/hostpkg
> SHLIBDIR=/usr/src/openwrt/staging_dir/hostpkg/lib
> make[3]: Entering directory '/usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1'
> make -C src
> make[4]: Entering directory '/usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/src'
> cc -I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include
> -O2 -I/usr/src/openwrt/staging_dir/host/include
> -I/usr/src/openwrt/staging_dir/hostpkg/include
> -I/usr/src/openwrt/staging_dir/target-aarch64_cortex-a53_musl/host/include
> -I. -I../include -D_GNU_SOURCE -I../cil/include -DHAVE_REALLOCARRAY
> -fPIC -c -o assertion.o assertion.c
> In file included from assertion.c:23:
> /usr/src/openwrt/staging_dir/hostpkg/include/sepol/policydb/conditional.h:57:18:
> error: two or more data types in declaration specifiers
> 57 | uint32_t bool;
> | ^~~~
> In file included from /usr/src/openwrt/staging_dir/hostpkg/include/sepol/policydb/expand.h:30,
> from assertion.c:26:
> /usr/src/openwrt/staging_dir/hostpkg/include/sepol/policydb/conditional.h:57:22: warning: declaration does not declare anything
> 57 | uint32_t bool;
> | ^
> assertion.c: In function 'report_failure':
> assertion.c:48:44: warning: passing argument 1 of 'sepol_av_to_string'
> discards 'const' qualifier from pointer target type
> [-Wdiscarded-qualifiers]
> 48 | char *permstr = sepol_av_to_string(p, curperm->tclass, perms);
> | ^
> In file included from assertion.c:27:
> /usr/src/openwrt/staging_dir/hostpkg/include/sepol/policydb/util.h:34:46:
> note: expected 'policydb_t *' {aka 'struct policydb *'} but argument
> is of type 'const policydb_t *' {aka 'const struct policydb *'}
> 34 | extern char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
> | ~~~~~~~~~~~~~^~~~~~~~~
> assertion.c: In function 'check_extended_permissions':
> assertion.c:110:46: error: 'AVRULE_XPERMS_NLMSG' undeclared (first use
> in this function); did you mean 'AVRULE_XPERMS_ALLOWED'?
> 110 | } else if ((neverallow->specified == AVRULE_XPERMS_NLMSG)
> | ^~~~~~~~~~~~~~~~~~~
> | AVRULE_XPERMS_ALLOWED
> assertion.c:110:46: note: each undeclared identifier is reported only once for each function it appears in
> assertion.c:111:49: error: 'AVTAB_XPERMS_NLMSG' undeclared (first use in this function); did you mean 'AVTAB_XPERMS_ALLOWED'?
> 111 | && (allow->specified == AVTAB_XPERMS_NLMSG)) {
> | ^~~~~~~~~~~~~~~~~~
> | AVTAB_XPERMS_ALLOWED
> assertion.c: In function 'extended_permissions_violated':
> assertion.c:146:46: error: 'AVRULE_XPERMS_NLMSG' undeclared (first use
> in this function); did you mean 'AVRULE_XPERMS_ALLOWED'?
> 146 | } else if ((neverallow->specified == AVRULE_XPERMS_NLMSG)
> | ^~~~~~~~~~~~~~~~~~~
> | AVRULE_XPERMS_ALLOWED
> assertion.c:147:49: error: 'AVTAB_XPERMS_NLMSG' undeclared (first use in this function); did you mean 'AVTAB_XPERMS_ALLOWED'?
> 147 | && (allow->specified == AVTAB_XPERMS_NLMSG)) {
> | ^~~~~~~~~~~~~~~~~~
> | AVTAB_XPERMS_ALLOWED
> assertion.c: In function 'report_assertion_extended_permissions':
> assertion.c:193:74: error: 'AVTAB_XPERMS_NLMSG' undeclared (first use in this function); did you mean 'AVTAB_XPERMS_ALLOWED'?
> 193 | && (xperms->specified != AVTAB_XPERMS_NLMSG))
> | ^~~~~~~~~~~~~~~~~~
> | AVTAB_XPERMS_ALLOWED
> assertion.c: In function 'report_assertion_avtab_matches':
> assertion.c:344:57: error: 'RULE_NOTSELF' undeclared (first use in this function); did you mean 'RULE_SELF'?
> 344 | const bool is_narule_notself = (narule->flags & RULE_NOTSELF) != 0;
> | ^~~~~~~~~~~~
> | RULE_SELF
> assertion.c: In function 'check_assertion_extended_permissions_avtab':
> assertion.c:487:74: error: 'AVTAB_XPERMS_NLMSG' undeclared (first use in this function); did you mean 'AVTAB_XPERMS_ALLOWED'?
> 487 | && (xperms->specified != AVTAB_XPERMS_NLMSG))
> | ^~~~~~~~~~~~~~~~~~
> | AVTAB_XPERMS_ALLOWED
> assertion.c: In function 'check_assertion_extended_permissions':
> assertion.c:587:57: error: 'RULE_NOTSELF' undeclared (first use in this function); did you mean 'RULE_SELF'?
> 587 | const bool is_narule_notself = (narule->flags & RULE_NOTSELF) != 0;
> | ^~~~~~~~~~~~
> | RULE_SELF
> assertion.c: In function 'check_assertion_avtab_match':
> assertion.c:757:29: error: 'RULE_NOTSELF' undeclared (first use in this function); did you mean 'RULE_SELF'?
> 757 | if (narule->flags & RULE_NOTSELF) {
> | ^~~~~~~~~~~~
> | RULE_SELF
> assertion.c: At top level:
> assertion.c:794:5: error: conflicting types for 'check_assertion';
> have 'int(policydb_t *, const avrule_t *)' {aka 'int(struct policydb
> *, const struct avrule *)'}
> 794 | int check_assertion(policydb_t *p, const avrule_t *narule)
> | ^~~~~~~~~~~~~~~
> In file included from assertion.c:25:
> /usr/src/openwrt/staging_dir/hostpkg/include/sepol/policydb/policydb.h:699:12:
> note: previous declaration of 'check_assertion' with type
> 'int(policydb_t *, avrule_t *)' {aka 'int(struct policydb *, struct
> avrule *)'}
> 699 | extern int check_assertion(policydb_t *p, avrule_t *avrule);
> | ^~~~~~~~~~~~~~~
> assertion.c:815:5: error: conflicting types for 'check_assertions';
> have 'int(sepol_handle_t *, policydb_t *, const avrule_t *)' {aka
> 'int(struct sepol_handle *, struct policydb *, const struct avrule
> *)'}
> 815 | int check_assertions(sepol_handle_t * handle, policydb_t * p,
> | ^~~~~~~~~~~~~~~~
> /usr/src/openwrt/staging_dir/hostpkg/include/sepol/policydb/policydb.h:700:12:
> note: previous declaration of 'check_assertions' with type
> 'int(sepol_handle_t *, policydb_t *, avrule_t *)' {aka 'int(struct
> sepol_handle *, struct policydb *, struct avrule *)'}
> 700 | extern int check_assertions(sepol_handle_t * handle,
> | ^~~~~~~~~~~~~~~~
> make[4]: *** [Makefile:82: assertion.o] Error 1
> make[4]: Leaving directory '/usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/src'
> make[3]: *** [Makefile:6: all] Error 2
> make[3]: Leaving directory '/usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1'
> make[2]: *** [Makefile:86: /usr/src/openwrt/build_dir/hostpkg/libsepol-3.8.1/.built] Error 2
> make[2]: Leaving directory '/usr/src/openwrt/package/libs/libsepol'
> time: package/libs/libsepol/host-compile#0.28#0.14#0.40
> ERROR: package/libs/libsepol [host] failed to build.
>
--
gpg --locate-keys dominick.grift at defensec.nl (wkd)
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
Dominick Grift
Mastodon: @kcinimod at defensec.nl
More information about the openwrt-devel
mailing list