MantisBT - CMake | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0005660 | CMake | CMake | public | 2007-09-06 04:24 | 2016-06-10 14:30 |
| Reporter | David Thompson | ||||
| Assigned To | Brad King | ||||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | moved | ||
| Platform | OS | OS Version | |||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0005660: INSTALL command should provide way to set ACL/SELinux context | ||||
| Description | This is a feature request. CMake should provide a way to set SELinux security contexts on targets (and other files) when they are INSTALLed (at a minimum... perhaps this should be part of the FILE command as well?). With SELinux enabled and enforcing, libraries built with the MODULE keyword -- and *all* of their dependent shared libraries -- should have a context of "system_u:object_r:lib_t" set with the chcon program. Otherwise, programs won't be able to load the plugin with dlopen. This behavior has been witnessed with mysqld on Fedora Core 6. It seems like this should be part of the INSTALL( ... ) command, either as a default value for library targets or as an option like INSTALL( TARGETS somePlugin RUNTIME DESTINATION bin LIBRARY DESTINATION lib ARCHIVE DESTINATION lib CONTEXT "system_u:object_r:lib_t" ) It would be ignored on systems where it makes no sense and would make life significantly easier on systems with selinux, ACLs, etc. The exact definition of the string passed after the CONTEXT keyword might vary from platform to platform. | ||||
| Steps To Reproduce | |||||
| Additional Information | Alan Irwin notes this workaround: I think you need to try the CODE or SCRIPT signature of INSTALL. Those signatures are quite powerful and should allow you to create or process files any way you want for the install tree. This is indeed possible but does require finding the chcon binary, obtaining the full filename and path for the target in its installed location, and calling EXEC_PROGRAM inside INSTALL( CODE ... ). | ||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2007-09-06 04:24 | David Thompson | New Issue | |||
| 2007-10-12 10:03 | Bill Hoffman | Status | new => assigned | ||
| 2007-10-12 10:03 | Bill Hoffman | Assigned To | => Brad King | ||
| 2012-08-13 10:36 | Brad King | Status | assigned => backlog | ||
| 2012-08-13 10:36 | Brad King | Note Added: 0030503 | |||
| 2016-06-10 14:27 | Kitware Robot | Note Added: 0041382 | |||
| 2016-06-10 14:27 | Kitware Robot | Status | backlog => resolved | ||
| 2016-06-10 14:27 | Kitware Robot | Resolution | open => moved | ||
| 2016-06-10 14:30 | Kitware Robot | Status | resolved => closed | ||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||