[CMake] SELinux and plugins
David C Thompson
dcthomp at sandia.gov
Wed Sep 5 18:09:15 EDT 2007
On Wed, 2007-09-05 at 13:53 -0700, Alan W. Irwin wrote:
> On 2007-09-05 19:28-0000 David C Thompson wrote:
> > I am curious whether CMake has any facilities for setting SELinux
> > security contexts on targets (and other files) when they are INSTALLed.
> > With SELinux enabled and enforcing, libraries built with the MODULE
> > keyword -- and *all* of their dependent shared libraries -- should have
> > a context of "system_u:object_r:lib_t" set with the chcon program.
> > Otherwise, programs won't be able to load the plugin with dlopen. I've
> > witnessed this behavior with mysqld on Fedora Core 6.
>
> I think you need to try the CODE or SCRIPT signature of INSTALL. Those
> signatures are quite powerful and should allow you to create or process
> files any way you want for the install tree.
Thanks, I will use those for now. But it seems like this should be part
of the INSTALL( ... ) command, either as a default value for library
targets or as an option like
INSTALL( TARGETS somePlugin
RUNTIME DESTINATION bin
LIBRARY DESTINATION lib
ARCHIVE DESTINATION lib
CONTEXT "system_u:object_r:lib_t"
)
It would be ignored on systems where it makes no sense and would make
life significantly easier on systems with selinux, ACLs, etc.
David
More information about the CMake
mailing list