I am building coreutils 9.10 on HP-UX 11.31 (Itanium) and that system doesn't
have SELinux support. While some code in coreutils 9.10 is surrounded by
a check for SELinux support, two source files in particular make multiple
SELinux calls without any such check: src/copy.c and src/mkfifo.c.
Even the inclusion of <selinux/selinux.h> or <selinux/label.h> is done
unconditionally in both src/copy.c and src/mkfifo.c, despite lib/config.h
being generated with a definitions (or not) of HAVE_SELINUX_SELINUX_H and
HAVE_SELINUX_LABEL_H. To get the code to compile on
HP-UX, I added a #if HAVE_SELINUX_SELINUX_H...#endif or
#if HAVE_SELINUX_LABEL_H...#endif around any SELinux-related
code. I've included the patch to do this below.
HP-UX Archive Librarian, E-mail: [email protected]
Connect Internet Solutions, Official HP-UX Archive WWW site:
Liverpool, http://hpux.connect.org.uk/
Merseyside,
United Kingdom.
--- src/copy.c.orig 2026-01-30 14:11:58.000000000 +0000
+++ src/copy.c 2026-02-05 10:37:35.177059000 +0000
@@ -20,7 +20,9 @@
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/types.h>
+#if HAVE_SELINUX_SELINUX_H
#include <selinux/selinux.h>
+#endif /* HAVE_SELINUX_SELINUX_H */
#if HAVE_HURD_H
# include <hurd.h>
@@ -576,6 +578,7 @@
set_process_security_ctx (char const *src_name, char const *dst_name,
mode_t mode, bool new_dst, const struct cp_options
*x)
{
+#if HAVE_SELINUX_SELINUX_H
if (x->preserve_security_context)
{
/* Set the default context for the process to match the source. */
@@ -623,6 +626,7 @@
quoteaf (dst_name));
}
}
+#endif /* HAVE_SELINUX_SELINUX_H */
return true;
}
@@ -787,6 +791,7 @@
dest_desc = openat (dst_dirfd, dst_relname, open_flags);
dest_errno = errno;
+#if HAVE_SELINUX_SELINUX_H
/* When using cp --preserve=context to copy to an existing destination,
reset the context as per the default context, which has already been
set according to the src.
@@ -806,6 +811,7 @@
}
}
}
+#endif /* HAVE_SELINUX_SELINUX_H */
if (dest_desc < 0 && dest_errno != ENOENT
&& x->unlink_dest_after_failed_open)
@@ -1517,9 +1523,11 @@
static void
restore_default_fscreatecon_or_die (void)
{
+#if HAVE_SELINUX_SELINUX_H
if (setfscreatecon (NULL) != 0)
error (EXIT_FAILURE, errno,
_("failed to restore the default file creation context"));
+#endif /* HAVE_SELINUX_SELINUX_H */
}
/* Return a newly-allocated string that is like STR
@@ -2298,12 +2306,14 @@
delayed_ok = true;
+#if HAVE_SELINUX_SELINUX_H
/* If required, set the default security context for new files.
Also for existing files this is used as a reference
when copying the context with --preserve=context.
FIXME: Do we need to consider dst_mode_bits here? */
if (! set_process_security_ctx (src_name, dst_name, src_mode, new_dst, x))
return false;
+#endif /* HAVE_SELINUX_SELINUX_H */
if (S_ISDIR (src_mode))
{
--- src/mkfifo.c.orig 2026-01-21 13:51:40.000000000 +0000
+++ src/mkfifo.c 2026-02-05 11:25:31.601293000 +0000
@@ -20,7 +20,9 @@
#include <stdio.h>
#include <getopt.h>
#include <sys/types.h>
+#if HAVE_SELINUX_LABEL_H
#include <selinux/label.h>
+#endif /* HAVE_SELINUX_LABEL_H */
#include "system.h"
#include "modechange.h"
@@ -80,8 +82,10 @@
main (int argc, char **argv)
{
char const *specified_mode = NULL;
+#if HAVE_SELINUX_LABEL_H
char const *scontext = NULL;
struct selabel_handle *set_security_context = NULL;
+#endif /* HAVE_SELINUX_LABEL_H */
initialize_main (&argc, &argv);
set_program_name (argv[0]);
@@ -99,6 +103,7 @@
case 'm':
specified_mode = optarg;
break;
+#if HAVE_SELINUX_LABEL_H
case 'Z':
if (is_smack_enabled ())
{
@@ -124,6 +129,7 @@
"it requires an SELinux/SMACK-enabled kernel"));
}
break;
+#endif /* HAVE_SELINUX_LABEL_H */
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
@@ -137,6 +143,7 @@
usage (EXIT_FAILURE);
}
+#if HAVE_SELINUX_LABEL_H
if (scontext)
{
int ret = 0;
@@ -150,6 +157,7 @@
_("failed to set default file creation context to %s"),
quote (scontext));
}
+#endif /* HAVE_SELINUX_LABEL_H */
mode_t newmode = MODE_RW_UGO;
if (specified_mode)
@@ -169,8 +177,10 @@
int exit_status = EXIT_SUCCESS;
for (; optind < argc; ++optind)
{
+#if HAVE_SELINUX_LABEL_H
if (set_security_context)
defaultcon (set_security_context, argv[optind], S_IFIFO);
+#endif /* HAVE_SELINUX_LABEL_H */
if (mkfifo (argv[optind], newmode) != 0)
{
error (0, errno, _("cannot create fifo %s"), quoteaf (argv[optind]));
--
This e-mail (and any attachments) is private and confidential. If you have
received it in error, please notify the sender immediately and delete it
from your system. Do not use, copy or disclose the information in any way
nor act in reliance on it.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of Connect
Internet Solutions Ltd. This e-mail and any attachments are believed to be
virus free but it is the recipient's responsibility to ensure that they are.
Connect Internet Solutions Ltd
(A company registered in England No: 04424350)
Registered Office: 3rd Floor, New Barratt House, 47 North John Street,
Liverpool, L2 6SG
Telephone: +44 (0) 151 282 4321
VAT registration number: 758 2838 85
