author | Simon McVittie <smcv@collabora.com> | 2021-06-11 10:14:07 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2021-06-22 17:52:53 +0100 |
commit | eb48ee8347ee07be15f5ed08089a9ddfd6a906fb (patch) | |
tree | 7734546633a69dc20d181210e8a9d9cc50b2e523 | |
parent | 6714024bedb3326f086c09c3a4608f744970072b (diff) | |
download | bubblewrap-eb48ee8347ee07be15f5ed08089a9ddfd6a906fb.tar.gz |
utils: Remove security_context_t casts for libselinux >= 2.3
security_context_t has always been a typedef for char * and used more
or less interchangeably with char *, but the use of a typedef turned
out to be bad for const-correctness. The function signatures were
changed to take const char * in libselinux 2.3, in 2014[1] and the
typedef was formally deprecated in 2020[2].
On very old OSs like Ubuntu 14.04, reinstate the casts to suppress
warnings from -Wdiscarded-qualifiers.
[1] https://github.com/SELinuxProject/selinux/commit/9eb9c9327563
[2] https://github.com/SELinuxProject/selinux/commit/7a124ca27581
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | configure.ac | 3 | ||||
-rw-r--r-- | utils.c | 13 |
2 files changed, 13 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index dd6f9e3..6167ea4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -81,6 +81,9 @@ if test "x$enable_selinux" != "xno"; then
 if test "x$have_selinux" = xno -a "x$enable_selinux" = xyes; then
 AC_MSG_ERROR([*** SELinux support requested but libraries not found])
 fi
+ PKG_CHECK_MODULES([SELINUX_2_3], [libselinux >= 2.3],
+ [AC_DEFINE(HAVE_SELINUX_2_3, 1, [Define if SELinux is version >= 2.3])],
+ [:])
 fi
 AM_CONDITIONAL(HAVE_SELINUX, [test "$have_selinux" = "yes"])
@@ -24,6 +24,13 @@
 #include <selinux/selinux.h>
 #endif
+#ifndef HAVE_SELINUX_2_3
+/* libselinux older than 2.3 weren't const-correct */
+#define setexeccon(x) setexeccon ((security_context_t) x)
+#define setfscreatecon(x) setfscreatecon ((security_context_t) x)
+#define security_check_context(x) security_check_context ((security_context_t) x)
+#endif
+
 void
 die_with_error (const char *format, ...)
 {
@@ -65,7 +72,7 @@ die_unless_label_valid (const char *label)
 #ifdef HAVE_SELINUX
 if (is_selinux_enabled () == 1)
 {
- if (security_check_context ((security_context_t) label) < 0)
+ if (security_check_context (label) < 0)
 die_with_error ("invalid label %s", label);
 return;
 }
@@ -815,7 +822,7 @@ label_create_file (const char *file_label)
 {
 #ifdef HAVE_SELINUX
 if (is_selinux_enabled () > 0 && file_label)
- return setfscreatecon ((security_context_t) file_label);
+ return setfscreatecon (file_label);
 #endif
 return 0;
 }
@@ -825,7 +832,7 @@ label_exec (const char *exec_label)
 {
 #ifdef HAVE_SELINUX
 if (is_selinux_enabled () > 0 && exec_label)
- return setexeccon ((security_context_t) exec_label);
+ return setexeccon (exec_label);
 #endif
 return 0;
 } |
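Review bot: The version probe added to configure.ac uses `PKG_CHECK_MODULES([SELINUX_2_3], ...)` only for its found/not-found result, which also creates `SELINUX_2_3_CFLAGS` and `SELINUX_2_3_LIBS` output variables that nothing in this diff consumes. `PKG_CHECK_EXISTS([libselinux >= 2.3], [AC_DEFINE(HAVE_SELINUX_2_3, 1, [Define if SELinux is version >= 2.3])])` expresses the same test without the unused variables. The probe also runs when `have_selinux` is `no`, which looks harmless but could be made explicit by placing it under a `have_selinux = yes` test. The enclosing `if` block starts outside the hunk.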
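Review bot: The three compatibility macros added to utils.c cast an unparenthesised argument, so `(security_context_t) x` would bind the cast to only the first operand if a caller ever passed an expression rather than a plain identifier. Writing `#define setexeccon(x) setexeccon ((security_context_t) (x))`, and likewise for `setfscreatecon` and `security_check_context`, removes that hazard; the three call sites in this diff pass simple variables, so nothing is wrong today. The block is keyed only on `HAVE_SELINUX_2_3`, so the macros are also defined when SELinux support is compiled out. That appears harmless because the visible call sites sit under `#ifdef HAVE_SELINUX`, but nesting the block inside that guard would state the intent; the `#if` that the preceding `#endif` closes is outside the hunk, so confirm which guard it is.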