Historically, we've used security_context_t for variables passed to libselinux APIs. But almost 7 years ago, libselinux developers admitted in their API that in fact, it's just a 'char *' type [1]. Ever since then the APIs accept 'char *' instead, but they kept the old alias just for API stability. Well, not anymore [2].
1: https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
2: https://github.com/SELinuxProject/selinux/commit/7a124ca2758136f49cc38efc26fb1a2d385ecfd9
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/libvirt-lxc.c | 2 +-
 src/rpc/virnetsocket.c | 2 +-
 src/security/security_selinux.c | 26 +++++++++++++-------------
 src/storage/storage_util.c | 2 +-
 src/util/viridentity.c | 2 +-
 tests/securityselinuxhelper.c | 16 ++++++++--------
 tests/securityselinuxlabeltest.c | 4 ++--
 tests/securityselinuxtest.c | 2 +-
 tests/viridentitytest.c | 2 +-
 9 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index 47a06a39f2..25f1cfc5f7 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -204,7 +204,7 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model, if (STREQ(model->model, "selinux")) { #ifdef WITH_SELINUX if (oldlabel) {
- security_context_t ctx;
+ char *ctx;
 if (getcon(&ctx) < 0) { virReportSystemError(errno,
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index c62c2fb3fc..9aaabb4577 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1612,7 +1612,7 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock G_GNUC_UNUSED, int virNetSocketGetSELinuxContext(virNetSocketPtr sock, char **context) {
- security_context_t seccon = NULL;
+ char *seccon = NULL;
 int ret = -1; *context = NULL;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 1d28430035..cc8fb1099c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
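Review bot: With the typedef gone, nothing at the `char *ctx;` declaration in virDomainLxcEnterSecurityLabel marks the string filled in by `getcon(&ctx)` as a libselinux-allocated context, so a later cleanup could reach for a generic free helper instead of `freecon()`. I would add a short comment at the declaration, e.g. `char *ctx; /* SELinux context from libselinux; release with freecon() */`. The same applies to `seccon` in virNetSocketGetSELinuxContext and to the other converted locals in security_selinux.c, storage_util.c and viridentity.c. The function bodies continue outside these hunks, so whether every exit path already calls freecon() cannot be confirmed from here.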
@@ -198,7 +198,7 @@ virSecuritySELinuxTransactionAppend(const char *path, static int virSecuritySELinuxRememberLabel(const char *path,
- const security_context_t con)
+ const char *con)
 { return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME, path, con);
@@ -207,7 +207,7 @@ virSecuritySELinuxRememberLabel(const char *path, static int virSecuritySELinuxRecallLabel(const char *path,
- security_context_t *con)
+ char **con)
 { int rv;
@@ -431,7 +431,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, int *catMin, int *catMax) {
- security_context_t ourSecContext = NULL;
+ char *ourSecContext = NULL;
 context_t ourContext = NULL; char *cat = NULL; char *tmp;
@@ -530,8 +530,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, } static char *
-virSecuritySELinuxContextAddRange(security_context_t src,
- security_context_t dst)
+virSecuritySELinuxContextAddRange(char *src,
+ char *dst)
 { char *str = NULL; char *ret = NULL;
@@ -575,7 +575,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext, context_t context = NULL; char *ret = NULL; char *str;
- security_context_t ourSecContext = NULL;
+ char *ourSecContext = NULL;
 context_t ourContext = NULL; VIR_DEBUG("basecontext=%s mcs=%s isObjectContext=%d",
@@ -955,7 +955,7 @@ virSecuritySELinuxReserveLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, pid_t pid) {
- security_context_t pctx;
+ char *pctx;
 context_t ctx = NULL; const char *mcs; int rv;
@@ -1203,7 +1203,7 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED, pid_t pid, virSecurityLabelPtr sec) {
- security_context_t ctx;
+ char *ctx;
 if (getpidcon_raw(pid, &ctx) == -1) { virReportSystemError(errno,
@@ -1316,7 +1316,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr, bool remember) { bool privileged = virSecurityManagerGetPrivileged(mgr);
- security_context_t econ = NULL;
+ char *econ = NULL;
 int refcount; int rc; bool rollback = false;
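Review bot: `virSecuritySELinuxContextAddRange(char *src, char *dst)` keeps both inputs writable, while the sibling conversion in virSecuritySELinuxRememberLabel went from `const security_context_t con` (a const pointer to mutable chars) to `const char *con` (a pointer to const chars). If the body only reads the two contexts, which cannot be confirmed because it continues outside the hunk, the signature would be better as `virSecuritySELinuxContextAddRange(const char *src, const char *dst)`. It may also be worth one sentence in the commit message noting that the RememberLabel change tightens constness rather than being a pure respelling.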
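Review bot: `char *pctx;` in virSecuritySELinuxReserveLabel is left uninitialized, whereas most converted context pointers in this file (`ourSecContext`, `econ`) start as NULL. Now that the variable is a plain `char *` it reads like any other string local, so I would write `char *pctx = NULL;` to keep a future cleanup label from releasing an indeterminate pointer. The function body continues outside the hunk, so whether any current path can reach a release before the pointer is assigned is not visible here; `char *ctx;` in virSecuritySELinuxGetProcessLabel is assigned by `getpidcon_raw()` on the very next visible line and looks fine as is.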
@@ -1426,7 +1426,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon) /* Set fcon to the appropriate label for path and mode, or return -1. */ static int getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
- const char *newpath, mode_t mode, security_context_t *fcon)
+ const char *newpath, mode_t mode, char **fcon)
 { virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -1443,7 +1443,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, { bool privileged = virSecurityManagerGetPrivileged(mgr); struct stat buf;
- security_context_t fcon = NULL;
+ char *fcon = NULL;
 char *newpath = NULL; int rc; int ret = -1;
@@ -2974,7 +2974,7 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED, { /* TODO: verify DOI */ virSecurityLabelDefPtr secdef;
- security_context_t scon = NULL;
+ char *scon = NULL;
 char *str = NULL; int rc = -1;
@@ -3283,7 +3283,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr, int fd) { struct stat buf;
- security_context_t fcon = NULL;
+ char *fcon = NULL;
 virSecurityLabelDefPtr secdef; char *str = NULL, *proc = NULL, *fd_path = NULL; int rc = -1;
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index 8d92232a87..ee048f02fe 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -1814,7 +1814,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSourcePtr target, struct stat *sb) { #if WITH_SELINUX
- security_context_t filecon = NULL;
+ char *filecon = NULL;
 #endif if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 8cc2db2568..2cb9042a84 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -157,7 +157,7 @@ virIdentityPtr virIdentityGetSystem(void) unsigned long long startTime; g_autoptr(virIdentity) ret = NULL; #if WITH_SELINUX
- security_context_t con;
+ char *con;
 #endif if (!(ret = virIdentityNew()))
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index c3d7f8c1ce..64d2b75740 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -55,7 +55,7 @@ static struct selabel_handle *(*real_selabel_open)(unsigned int backend, unsigned nopts); static void (*real_selabel_close)(struct selabel_handle *handle); static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
- security_context_t *con,
+ char **con,
 const char *key, int type);
@@ -89,7 +89,7 @@ static void init_syms(void) * the virt_use_nfs bool is set. */
-int getcon_raw(security_context_t *context)
+int getcon_raw(char **context)
 { if (!is_selinux_enabled()) { errno = EINVAL;
@@ -104,12 +104,12 @@ int getcon_raw(security_context_t *context) return 0; }
-int getcon(security_context_t *context)
+int getcon(char **context)
 { return getcon_raw(context); }
-int getpidcon_raw(pid_t pid, security_context_t *context)
+int getpidcon_raw(pid_t pid, char **context)
 { if (!is_selinux_enabled()) { errno = EINVAL;
@@ -129,7 +129,7 @@ int getpidcon_raw(pid_t pid, security_context_t *context) return 0; }
-int getpidcon(pid_t pid, security_context_t *context)
+int getpidcon(pid_t pid, char **context)
 { return getpidcon_raw(pid, context); }
@@ -165,7 +165,7 @@ int setfilecon(const char *path, const char *con) return setfilecon_raw(path, con); }
-int getfilecon_raw(const char *path, security_context_t *con)
+int getfilecon_raw(const char *path, char **con)
 { char *constr = NULL; ssize_t len = getxattr(path, "user.libvirt.selinux",
@@ -189,7 +189,7 @@ int getfilecon_raw(const char *path, security_context_t *con) }
-int getfilecon(const char *path, security_context_t *con)
+int getfilecon(const char *path, char **con)
 { return getfilecon_raw(path, con); }
@@ -308,7 +308,7 @@ void selabel_close(struct selabel_handle *handle) } int selabel_lookup_raw(struct selabel_handle *handle,
- security_context_t *con,
+ char **con,
 const char *key, int type) {
diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 3040a36693..50b447c163 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -252,7 +252,7 @@ static int testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles) { size_t i;
- security_context_t ctx;
+ char *ctx;
 for (i = 0; i < nfiles; i++) { ctx = NULL;
@@ -360,7 +360,7 @@ mymain(void) if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \ ret = -1;
- setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
+ setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
 DO_TEST_LABELING("disks"); DO_TEST_LABELING("kernel");
diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
index 6c8314de6b..3f069c2d6b 100644
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@@ -217,7 +217,7 @@ testSELinuxGenLabel(const void *opaque) context_t con = NULL; context_t imgcon = NULL;
- if (setcon_raw((security_context_t)data->pidcon) < 0) {
+ if (setcon_raw(data->pidcon) < 0) {
 perror("Cannot set process security context"); return -1; }
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index 3f87af1c3b..9a8c8914d3 100644
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -120,7 +120,7 @@ static int testIdentityGetSystem(const void *data) static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED) { #if WITH_SELINUX
- return setcon_raw((security_context_t)data);
+ return setcon_raw(data);
 #else VIR_DEBUG("libvirt not compiled with SELinux, skipping this test"); return EXIT_AM_SKIP;
-- 2.26.2
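Review bot: Dropping the casts in `setcon("…")`, `setcon_raw(data->pidcon)` and `setcon_raw(data)` means these calls now compile cleanly only where the libselinux prototypes take `const char *`. In testSetFakeSELinuxContext `data` is `const void *`, so against a header that still declares a non-const context parameter the call would discard the qualifier and presumably break a warnings-as-errors build. The commit message says the API has accepted `char *` since [1], but nothing visible in this patch ties the build to a libselinux release that contains that change. I would confirm the configure-time minimum version and state it in the commit message.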