<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>RE: [CMake] SELinux and plugins</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Done. This is issue 5660:<BR>
<A HREF="http://cmake.org/Bug/view.php?id=5660">http://cmake.org/Bug/view.php?id=5660</A><BR>
If anyone is familiar with ACLs or Mandatory Access Controls (MACs)<BR>
on other platforms, some input on the bug page might be useful.<BR>
<BR>
David<BR>
<BR>
-----Original Message-----<BR>
From: Mathieu Malaterre [<A HREF="mailto:mathieu.malaterre@gmail.com">mailto:mathieu.malaterre@gmail.com</A>]<BR>
Sent: Thu 9/6/2007 12:44 AM<BR>
To: Thompson, David C<BR>
Cc: Alan W. Irwin; CMake List<BR>
Subject: Re: [CMake] SELinux and plugins<BR>
<BR>
On 9/6/07, David C Thompson <dcthomp@sandia.gov> wrote:<BR>
> On Wed, 2007-09-05 at 13:53 -0700, Alan W. Irwin wrote:<BR>
> > On 2007-09-05 19:28-0000 David C Thompson wrote:<BR>
> > > I am curious whether CMake has any facilities for setting SELinux<BR>
> > > security contexts on targets (and other files) when they are INSTALLed.<BR>
> > > With SELinux enabled and enforcing, libraries built with the MODULE<BR>
> > > keyword -- and *all* of their dependent shared libraries -- should have<BR>
> > > a context of "system_u:object_r:lib_t" set with the chcon program.<BR>
> > > Otherwise, programs won't be able to load the plugin with dlopen. I've<BR>
> > > witnessed this behavior with mysqld on Fedora Core 6.<BR>
> ><BR>
> > I think you need to try the CODE or SCRIPT signature of INSTALL. Those<BR>
> > signatures are quite powerful and should allow you to create or process<BR>
> > files any way you want for the install tree.<BR>
><BR>
> Thanks, I will use those for now. But it seems like this should be part<BR>
> of the INSTALL( ... ) command, either as a default value for library<BR>
> targets or as an option like<BR>
> INSTALL( TARGETS somePlugin<BR>
> RUNTIME DESTINATION bin<BR>
> LIBRARY DESTINATION lib<BR>
> ARCHIVE DESTINATION lib<BR>
> CONTEXT "system_u:object_r:lib_t"<BR>
> )<BR>
> It would be ignored on systems where it makes no sense and would make<BR>
> life significantly easier on systems with selinux, ACLs, etc.<BR>
<BR>
David,<BR>
<BR>
Can you add that as a feature request, so that a CMake dev can later<BR>
on implement it (hopefully).<BR>
<BR>
<A HREF="http://cmake.org/Bug">http://cmake.org/Bug</A><BR>
<BR>
Thanks,<BR>
<BR>
--<BR>
Mathieu<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>