2018-11-18 11:37:48

by Jason Zaman

Subject: [PATCH 1/3] build: add config for libc gnu and musl

Signed-off-by: Jason Zaman <[email protected]>
---
Makefile | 7 +++++++
build.conf | 5 +++++
support/Makefile.devel | 4 ++++
3 files changed, 16 insertions(+)

diff --git a/Makefile b/Makefile
index 57d297c9..8e149345 100644
--- a/Makefile
+++ b/Makefile
@@ -192,6 +192,10 @@ ifeq "$(DISTRO)" "ubuntu"
M4PARAM += -D distro_debian
endif

+ifneq ($(LIBC),)
+ M4PARAM += -D libc_$(LIBC)
+endif
+
ifeq "$(SYSTEMD)" "y"
M4PARAM += -D init_systemd
endif
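Review bot: The value of LIBC is pasted straight into the m4 symbol name at `M4PARAM += -D libc_$(LIBC)` without being checked against the two values build.conf documents. A misspelled value (for example `glibc`) would define a symbol that no policy block tests, so the libc-specific rules would be silently left out of the build. Inside the `ifneq ($(LIBC),)` block I would add `ifeq ($(filter gnu musl,$(LIBC)),)`, `$(error LIBC must be gnu or musl)`, `endif` so the build stops instead. The same applies to the identical block added in support/Makefile.devel.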
@@ -541,6 +545,9 @@ install-headers: $(layerxml) $(tunxml) $(boolxml)
$(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
ifneq "$(DISTRO)" ""
$(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
+endif
+ifneq "$(LIBC)" ""
+ $(verbose) echo "LIBC ?= $(LIBC)" >> $(headerdir)/build.conf
endif
$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
diff --git a/build.conf b/build.conf
index a2f1a9b5..add0fcf8 100644
--- a/build.conf
+++ b/build.conf
@@ -29,6 +29,11 @@ NAME = refpolicy
# Fedora users should enable redhat.
#DISTRO = redhat

+# libc
+# Setting this will configure which libc is used.
+# gnu, musl are the current options.
+LIBC = gnu
+
# Unknown Permissions Handling
# The behavior for handling permissions defined in the
# kernel but missing from the policy. The permissions
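Review bot: The comment `Setting this will configure which libc is used` reads as if the build selects or links a libc, but the Makefile hunks show the value only becomes an m4 define that switches policy blocks on. I would reword it to `# Declares which libc the target system uses, so that libc-specific policy rules are included.` It is also worth stating in the comment that `LIBC = gnu` is set by default, unlike the commented-out DISTRO examples above it, so `libc_gnu` is defined on every build that does not override it.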
diff --git a/support/Makefile.devel b/support/Makefile.devel
index f3daca11..fb296084 100644
--- a/support/Makefile.devel
+++ b/support/Makefile.devel
@@ -58,6 +58,10 @@ ifneq ($(DISTRO),)
M4PARAM += -D distro_$(DISTRO)
endif

+ifneq ($(LIBC),)
+ M4PARAM += -D libc_$(LIBC)
+endif
+
ifeq "$(SYSTEMD)" "y"
M4PARAM += -D init_systemd
endif
--
2.18.1



2018-11-18 11:37:54

by Jason Zaman

Subject: [PATCH 2/3] libraries: ldconfig is a shell script on Gentoo musl libc

Signed-off-by: Jason Zaman <[email protected]>
---
policy/modules/system/libraries.te | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 422b0ea1..3bb792e6 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -145,3 +145,11 @@ optional_policy(`
optional_policy(`
unconfined_domain(ldconfig_t)
')
+
+ifdef(`distro_gentoo',`
+ ifdef(`libc_musl',`
+ allow ldconfig_t self:fifo_file rw_fifo_file_perms;
+ corecmd_exec_shell(ldconfig_t)
+ corecmd_exec_bin(ldconfig_t)
+ ')
+')
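Review bot: `corecmd_exec_shell(ldconfig_t)` and `corecmd_exec_bin(ldconfig_t)` let ldconfig_t run the shell and generic binaries in its own domain, which is broader than a single-purpose binary would normally need. Nothing in the block records which commands the script calls or why the fifo_file rule is there. I would add a comment above the inner ifdef, for example `# ldconfig is a shell script here: it needs a shell, the tools it runs, and pipes between them`, and state in the commit message whether the rules were derived from observed denials. The reason is currently given only in the subject line, which a later reader of libraries.te will not see.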
--
2.18.1


2018-11-18 11:37:58

by Jason Zaman

Subject: [PATCH 3/3] sysnetwork: musl needs bind generic node for DNS

Signed-off-by: Jason Zaman <[email protected]>
---
policy/modules/system/sysnetwork.if | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 316f4362..3685d1a3 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -765,6 +765,11 @@ interface(`sysnet_dns_name_resolve',`
systemd_read_machines($1)
')
')
+
+ ifdef(`libc_musl',`
+ corenet_tcp_bind_generic_node($1)
+ corenet_udp_bind_generic_node($1)
+ ')
')

########################################
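Review bot: The two bind rules are added inside `sysnet_dns_name_resolve`, so on a musl build every domain that calls this interface gains TCP and UDP node_bind on generic nodes, not only the domains that were seen failing. The block has no comment saying why a resolver client needs to bind; I would add one such as `# musl's resolver binds its socket before sending queries`, worded to match what was actually observed. It is also worth confirming that the TCP rule is required, since the patch gives no denial or reference for it, and dropping `corenet_tcp_bind_generic_node($1)` if only UDP is used. The interface body begins above this hunk, so only its tail is visible here.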
--
2.18.1


2018-11-22 13:39:12

by Chris PeBenito

Subject: Re: [PATCH 1/3] build: add config for libc gnu and musl

On 11/18/18 6:37 AM, Jason Zaman wrote:
> Signed-off-by: Jason Zaman <[email protected]>
> ---
> Makefile | 7 +++++++
> build.conf | 5 +++++
> support/Makefile.devel | 4 ++++
> 3 files changed, 16 insertions(+)
>
> diff --git a/Makefile b/Makefile
> index 57d297c9..8e149345 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -192,6 +192,10 @@ ifeq "$(DISTRO)" "ubuntu"
> M4PARAM += -D distro_debian
> endif
>
> +ifneq ($(LIBC),)
> + M4PARAM += -D libc_$(LIBC)
> +endif
> +
> ifeq "$(SYSTEMD)" "y"
> M4PARAM += -D init_systemd
> endif
> @@ -541,6 +545,9 @@ install-headers: $(layerxml) $(tunxml) $(boolxml)
> $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
> ifneq "$(DISTRO)" ""
> $(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
> +endif
> +ifneq "$(LIBC)" ""
> + $(verbose) echo "LIBC ?= $(LIBC)" >> $(headerdir)/build.conf
> endif
> $(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
> $(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
> diff --git a/build.conf b/build.conf
> index a2f1a9b5..add0fcf8 100644
> --- a/build.conf
> +++ b/build.conf
> @@ -29,6 +29,11 @@ NAME = refpolicy
> # Fedora users should enable redhat.
> #DISTRO = redhat
>
> +# libc
> +# Setting this will configure which libc is used.
> +# gnu, musl are the current options.
> +LIBC = gnu
> +
> # Unknown Permissions Handling
> # The behavior for handling permissions defined in the
> # kernel but missing from the policy. The permissions
> diff --git a/support/Makefile.devel b/support/Makefile.devel
> index f3daca11..fb296084 100644
> --- a/support/Makefile.devel
> +++ b/support/Makefile.devel
> @@ -58,6 +58,10 @@ ifneq ($(DISTRO),)
> M4PARAM += -D distro_$(DISTRO)
> endif
>
> +ifneq ($(LIBC),)
> + M4PARAM += -D libc_$(LIBC)
> +endif
> +
> ifeq "$(SYSTEMD)" "y"
> M4PARAM += -D init_systemd
> endif

I'm not inclined to merge this set. It seems niche, even in terms of
Gentoo.

--
Chris PeBenito