Pádraig Brady <[email protected]> writes: > The build can be force enabled with --with-selinux and vice versa. > > * build-aux/gen-lists-of-programs.sh: Move chcon and runcon > to the list of optional programs. > * configure.ac: Only enable chcon and runcon if selinux.h is available. > * NEWS: Mention the Build-related change. > Fixes https://github.com/coreutils/coreutils/issues/121 > --- > NEWS | 6 ++++++ > build-aux/gen-lists-of-programs.sh | 4 ++-- > configure.ac | 10 ++++++++++ > 3 files changed, 18 insertions(+), 2 deletions(-)
Patch seems reasonable. I was a bit worried about the original request to disable these programs if the system did not use SELinux. Since, as far as I am aware, you can very easily disable it and enable it with a reboot, which is separate from setting it to permissive mode. Not building it in the case of someone disabling it would be incorrect, as they may have only done it temporarily. But with your patch it is built if the SELinux headers are found. So that means on Debian, which does not use SELinux by default, it will be built if you have the libselinux1-dev package. Based on a written guide, I guess some Debian users like SELinux [1]. So maybe they will keep the programs or make them optional. Collin [1] https://wiki.debian.org/SELinux/Setup
