|Anonymous | Login||2017-07-27 18:35 EDT|
|My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005660||CMake||CMake||public||2007-09-06 04:24||2016-06-10 14:30|
|Assigned To||Brad King|
|Target Version||Fixed in Version|
|Summary||0005660: INSTALL command should provide way to set ACL/SELinux context|
|Description||This is a feature request. CMake should provide a way to set SELinux security contexts on targets (and other files) when they are INSTALLed (at a minimum... perhaps this should be part of the FILE command as well?).|
With SELinux enabled and enforcing, libraries built with the MODULE keyword -- and *all* of their dependent shared libraries -- should have a context of "system_u:object_r:lib_t" set with the chcon program. Otherwise, programs won't be able to load the plugin with dlopen. This behavior has been witnessed with mysqld on Fedora Core 6.
It seems like this should be part of the INSTALL( ... ) command, either as a default value for library targets or as an option like
INSTALL( TARGETS somePlugin
RUNTIME DESTINATION bin
LIBRARY DESTINATION lib
ARCHIVE DESTINATION lib
It would be ignored on systems where it makes no sense and would make life significantly easier on systems with selinux, ACLs, etc. The exact definition of the string passed after the CONTEXT keyword might vary from platform to platform.
|Additional Information||Alan Irwin notes this workaround:|
I think you need to try the CODE or SCRIPT signature of INSTALL. Those signatures are quite powerful and should allow you to create or process files any way you want for the install tree.
This is indeed possible but does require finding the chcon binary, obtaining the full filename and path for the target in its installed location, and calling EXEC_PROGRAM inside INSTALL( CODE ... ).
|Tags||No tags attached.|
Brad King (manager)
Sending issues I'm not actively working on to the backlog to await someone with time for them.
If an issue you care about is sent to the backlog when you feel it should have been addressed in a different manner, please bring it up on the CMake mailing list for discussion. Sign up for the mailing list here, if you're not already on it:
It's easy to re-activate a bug here if you can find a CMake developer or contributor who has the bandwidth to take it on.
Kitware Robot (administrator)
Resolving issue as `moved`.
This issue tracker is no longer used. Further discussion of this issue may take place in the current CMake Issues page linked in the banner at the top of this page.
|2007-09-06 04:24||David Thompson||New Issue|
|2007-10-12 10:03||Bill Hoffman||Status||new => assigned|
|2007-10-12 10:03||Bill Hoffman||Assigned To||=> Brad King|
|2012-08-13 10:36||Brad King||Status||assigned => backlog|
|2012-08-13 10:36||Brad King||Note Added: 0030503|
|2016-06-10 14:27||Kitware Robot||Note Added: 0041382|
|2016-06-10 14:27||Kitware Robot||Status||backlog => resolved|
|2016-06-10 14:27||Kitware Robot||Resolution||open => moved|
|2016-06-10 14:30||Kitware Robot||Status||resolved => closed|
|Copyright © 2000 - 2017 MantisBT Team|