pam-selinux 1.3 is incompatible with libselinux 3.1

[fishilico]

libselinux 3.1 removed /usr/include/selinux/flask.h, which makes building pam-selinux fails with:

pam_selinux.c:66:10: fatal error: selinux/flask.h: No such file or directory
   66 | #include <selinux/flask.h>
      |          ^~~~~~~~~~~~~~~~~

This issue is fixed with pam 1.4.0, but this version is currently in Arch Linux testing repository and seems to have important issues: https://bugs.archlinux.org/task/67372 and https://bugs.archlinux.org/task/67347.

I am waiting for these bugs to be fixed before upgrading pam-selinux to version 1.4.0. In the meantime, users can either:

• downgrade libsepol, libselinux, libsemanage... to version 3.0, using this GitHub repository
• test upgrading pam-selinux with the following PKGBUILD (which would be the one that I would have committed if everything was right) and report issues upstream and here:

# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>
# SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org)
# SELinux Contributor: Timothée Ravier <tim@siosm.fr>
# SELinux Contributor: Nicky726 <nicky726@gmail.com>
#
# This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux.
# If you want to help keep it up to date, please open a Pull Request there.

pkgname=pam-selinux
pkgver=1.4.0
pkgrel=2
pkgdesc="SELinux aware PAM (Pluggable Authentication Modules) library"
arch=('x86_64')
license=('GPL2')
url="http://linux-pam.org"
depends=('glibc' 'cracklib' 'libtirpc' 'pambase-selinux' 'audit' 'libselinux')
makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}")
provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}"
          "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}")
backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf} etc/environment)
groups=('selinux')
source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
        https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz.asc)
validpgpkeys=(
        '8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB' # Thorsten Kukuk
        '296D6F29A020808E8717A8842DB5BD89A340AEB7' #Dimitry V. Levin <ldv@altlinux.org>
)

sha256sums=('cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034'
            'SKIP')

options=('!emptydirs')

build() {
  cd Linux-PAM-$pkgver
  ./configure --libdir=/usr/lib --sbindir=/usr/bin --disable-db \
              --enable-selinux
  make
}

package() {
  cd Linux-PAM-$pkgver
  make DESTDIR="$pkgdir" SCONFIGDIR=/etc/security install

  # set unix_chkpwd uid
  chmod +s "$pkgdir"/usr/bin/unix_chkpwd

  # remove doc which is not used anymore
  # FS #40749
  rm "$pkgdir"/usr/share/doc/Linux-PAM/sag-pam_userdb.html
}

If pam issues are not solved in a few weeks, I will consider backporting the fix for libselinux>=3.1 support.

[fishilico]

pam-selinux has now been updated, fixing this issue.