[CMake] SELinux and plugins

Thompson, David C dcthomp at sandia.gov
Thu Sep 6 04:25:09 EDT 2007 

Done. This is issue 5660:
  http://cmake.org/Bug/view.php?id=5660
If anyone is familiar with ACLs or Mandatory Access Controls (MACs)
on other platforms, some input on the bug page might be useful.

    David

-----Original Message-----
From: Mathieu Malaterre [mailto:mathieu.malaterre at gmail.com]
Sent: Thu 9/6/2007 12:44 AM
To: Thompson, David C
Cc: Alan W. Irwin; CMake List
Subject: Re: [CMake] SELinux and plugins
 
On 9/6/07, David C Thompson <dcthomp at sandia.gov> wrote:
> On Wed, 2007-09-05 at 13:53 -0700, Alan W. Irwin wrote:
> > On 2007-09-05 19:28-0000 David C Thompson wrote:
> > > I am curious whether CMake has any facilities for setting SELinux
> > > security contexts on targets (and other files) when they are INSTALLed.
> > > With SELinux enabled and enforcing, libraries built with the MODULE
> > > keyword -- and *all* of their dependent shared libraries -- should have
> > > a context of "system_u:object_r:lib_t" set with the chcon program.
> > > Otherwise, programs won't be able to load the plugin with dlopen. I've
> > > witnessed this behavior with mysqld on Fedora Core 6.
> >
> > I think you need to try the CODE or SCRIPT signature of INSTALL.  Those
> > signatures are quite powerful and should allow you to create or process
> > files any way you want for the install tree.
>
> Thanks, I will use those for now. But it seems like this should be part
> of the INSTALL( ... ) command, either as a default value for library
> targets or as an option like
>   INSTALL( TARGETS somePlugin
>     RUNTIME DESTINATION bin
>     LIBRARY DESTINATION lib
>     ARCHIVE DESTINATION lib
>     CONTEXT "system_u:object_r:lib_t"
>   )
> It would be ignored on systems where it makes no sense and would make
> life significantly easier on systems with selinux, ACLs, etc.

David,

  Can you add that as a feature request, so that a CMake dev can later
on implement it (hopefully).

  http://cmake.org/Bug

Thanks,

-- 
Mathieu


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://public.kitware.com/pipermail/cmake/attachments/20070906/e40d8dda/attachment.htm

More information about the CMake mailing list