Fix build compat with older libselinux for LXC

Most versions of libselinux do not contain the function
selinux_lxc_contexts_path() that the security driver
recently started using for LXC. We must add a conditional
check for it in configure and then disable the LXC security
driver for builds where libselinux lacks this function.

* configure.ac: Check for selinux_lxc_contexts_path
* src/security/security_selinux.c: Disable LXC security
  if selinux_lxc_contexts_path() is missing

diff --git a/configure.ac b/configure.ac
index 9c356c9326f3da76a3ee3468c1470baaf67e30da..d666736fbc889a0b8e64b51304e6af4951f21615 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1360,6 +1360,7 @@ else
   fail=0
   AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
   AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
+  AC_CHECK_FUNCS([selinux_lxc_contexts_path])
   CFLAGS="$old_cflags"
   LIBS="$old_libs"
 

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b0bb0a05085afedf448c24cb179573e7af79d8f7..2b8ff19250981f615b85eb74fb3160d1138d3a54 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -127,6 +127,7 @@ err:
 }
 
 
+#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static int
 SELinuxLXCInitialize(virSecurityManagerPtr mgr)
 {
@@ -189,6 +190,15 @@ error:
     VIR_FREE(data->content_context);
     return -1;
 }
+#else
+static int
+SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+{
+    virReportSystemError(ENOSYS, "%s",
+                         _("libselinux does not support LXC contexts path"));
+    return -1;
+}
+#endif
 
 
 static int
@@ -443,9 +453,12 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
     if (!is_selinux_enabled())
         return SECURITY_DRIVER_DISABLE;
 
-    if (virtDriver && STREQ(virtDriver, "LXC") &&
-        !virFileExists(selinux_lxc_contexts_path()))
-        return SECURITY_DRIVER_DISABLE;
+    if (virtDriver && STREQ(virtDriver, "LXC")) {
+#if HAVE_SELINUX_LXC_CONTEXTS_PATH
+        if (!virFileExists(selinux_lxc_contexts_path()))
+#endif
+            return SECURITY_DRIVER_DISABLE;
+    }
 
     return SECURITY_DRIVER_ENABLE;
 }