bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24  12:30 UTC
[Bug 1850] New: Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
           Summary: Build fails when SELinux is enabled
           Product: Portable OpenSSH
           Version: 5.7p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Build system
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: leonardo at ngdn.org
Created attachment 1983
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1983
openssh-5.7p1-selinux.diff
SSH client 5.7p1 calls SELinux specific functions such as matchpathcon,
setfscreatecon and setfscreatecon but the configure script is not
linking the 'ssh' binary against the SELinux library, so the build
fails with undefined references.
The attached patch is just a suggestion. It works here, but I'm not
sure if it's correct according to Autoconf standards.
-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24  13:07 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Colin Watson <cjwatson at debian.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cjwatson at debian.org
--- Comment #1 from Colin Watson <cjwatson at debian.org> 2011-01-25
00:07:26 EST ---
Similarly, ssh.c refers to SELinux symbols if WITH_SELINUX is defined,
but it doesn't include <selinux/selinux.h> or similar.
Oddly, the relevant functions were added in this commit:
 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
   for missing headers and compiler warnings.
This seems to have nothing to do with SELinux.  Was this possibly an
incomplete change committed by mistake?
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-25  01:06 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Darren Tucker <dtucker at zip.com.au> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Blocks|                            |1845
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2011-01-25
12:06:49 EST ---
It looks like this one was my fault but I'll have to dig through the
changes to see where it went off the rails.  In the meantime Damien
has posted a fix:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-January/029271.html
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-25  01:56 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
--- Comment #3 from Colin Watson <cjwatson at debian.org> 2011-01-25 12:56:10 EST ---
Damien's fix doesn't quite work for me:

gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -fstack-protector-all -Wl,--as-needed -fPIE -pie -Wl,-z,relro -Wl,-z,now -lssh -lopenbsd-compat -lselinux -lresolv -lcrypto -ldl -lutil -lz -lnsl -lcrypt -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fstack-protector-all -O2 -fPIE -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -DLOGIN_PROGRAM="/bin/login" -DLOGIN_NO_ENDOPT -DSSH_EXTRAVERSION="Debian-1" -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
openbsd-compat//libopenbsd-compat.a(port-linux.o): In function `ssh_selinux_getctxbyname':
/home/cjwatson/src/debian/openssh/trunk/experimental/openssh/build-deb/openbsd-compat/../../openbsd-compat/port-linux.c:78: undefined reference to `the_authctxt'
collect2: ld returned 1 exit status
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-25  02:14 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2011-01-25 13:14:27 EST ---
Are you sure that's an unmodified tree?  I don't see "the_authctxt" in
port-linux.c at all, in Damien's patch either as posted (or committed)
and I can build it --with-selinux on fedora.

$ grep the_authctxt openbsd-compat/port-linux.c
$
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-25  04:28 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
--- Comment #5 from Damien Miller <djm at mindrot.org> 2011-01-25 15:28:27
EST ---
FYI the diff that I committed is here:
http://hg.mindrot.org/openssh/raw-rev/4a9f5523a949
Downstream packagers are encouraged to use this one since it might
reduce conflicts with patches applied on top of it (further fixes
touching this code or subsequent releases).
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-25  09:38 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
--- Comment #6 from Colin Watson <cjwatson at debian.org> 2011-01-25 20:38:38 EST ---
Oh bugger.  You're quite right - this was due to the patch for bug
#1641 that our SELinux people wanted me to carry.  I'll go and fix it
up ...

Sorry for wasting time.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-25  12:21 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
--- Comment #7 from Leonardo Chiquitto <leonardo at ngdn.org> 2011-01-25 23:21:38 EST ---
Thanks for the patch, Damien. I tested it here and it works. Feel free
to close the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-15  02:18 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Darren Tucker <dtucker at zip.com.au> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
bugzilla-daemon at bugzilla.mindrot.org
2011-Apr-12  05:27 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dennis.wronka at gmail.com
--- Comment #8 from Damien Miller <djm at mindrot.org> 2011-04-12 15:27:38
EST ---
*** Bug 1881 has been marked as a duplicate of this bug. ***
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06  05:32 UTC
[Bug 1850] Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #9 from Damien Miller <djm at mindrot.org> 2011-09-06 15:32:57
EST ---
close resolved bugs now that openssh-5.9 has been released