[PATCH RFC] build: fix build with libselinux 2.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The attached patch is an attempt to fix recent build failures I've
noticed with libselinux 2.3

CC       securityselinuxhelper.lo
securityselinuxhelper.c:159:5: error: conflicting types for 'setcon_raw'
 int setcon_raw(security_context_t context)
     ^
In file included from securityselinuxhelper.c:30:0:
/usr/include/selinux/selinux.h:41:12: note: previous declaration of
'setcon_raw' was here
 extern int setcon_raw(const char * con);
            ^
 securityselinuxhelper.c:168:5: error: conflicting types for 'setcon'
  int setcon(security_context_t context)
      ^
In file included from securityselinuxhelper.c:30:0:
/usr/include/selinux/selinux.h:40:12: note: previous declaration of
'setcon' was here
 extern int setcon(const char * con);
            ^
securityselinuxhelper.c:174:5: error: conflicting types for 'setfilecon_raw'
 int setfilecon_raw(const char *path, security_context_t con)
     ^
In file included from securityselinuxhelper.c:30:0:
/usr/include/selinux/selinux.h:110:12: note: previous declaration of
'setfilecon_raw' was here
 extern int setfilecon_raw(const char *path, const char * con);
            ^
securityselinuxhelper.c:185:5: error: conflicting types for 'setfilecon'
 int setfilecon(const char *path, security_context_t con)
     ^
In file included from securityselinuxhelper.c:30:0:
/usr/include/selinux/selinux.h:109:12: note: previous declaration of
'setfilecon' was here
 extern int setfilecon(const char *path, const char * con);
            ^

Noticing that security_context_t changed to 'const char *', my first
thought was to use AC_CHECK_TYPE to check for security_conext_t, but
alas the typedef remains in 2.3 with the comment "No longer used; here
for compatibility with legacy callers".

I then pursued the approach in this patch of defining a config var based
on 'pkg-config --modversion', which works in a test script, but not in
the context of the LIBVIRT_CHECK_SELINUX macro.  Probably due to some
missed quoting, but I'm reaching the m4 knowledge barrier.  Before
attempting to bypass that, I'd like to see what others think of this
approach.  Is there a simpler solution?

Regards,
Jim



>From 29a4c10dabb4cc1fd0585f404759a99c538a26c1 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@xxxxxxxx>
Date: Tue, 27 May 2014 21:31:36 -0600
Subject: [PATCH] build: fix build with libselinux 2.3

Several function signatures changed in libselinux 2.3, now taking
a 'const char *' instead of 'security_context_t'.  The latter is
defined in selinux/selinux.h as

  typedef char *security_context_t;
---
 m4/virt-selinux.m4            |   11 +++++++++++
 tests/securityselinuxhelper.c |   16 ++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
index 003c2a8..b19f344 100644
--- a/m4/virt-selinux.m4
+++ b/m4/virt-selinux.m4
@@ -28,6 +28,17 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
     [with_selinux_mount=check])
 
   if test "$with_selinux" = "yes"; then
+    AC_MSG_CHECKING([SELinux version])
+    ver=$(pkg-config --modversion libselinux)
+    major_ver=`echo $ver | awk -F. '{print $1}'`
+    minor_ver=`echo $ver | awk -F. '{print $2}'`
+    SELINUX_VER=`expr $major_ver + $minor_ver`
+    AC_MSG_RESULT([$SELINUX_VER])
+    if test $SELINUX_VER -ge 2003; then
+       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
+                          [SELinux uses char * for security context])
+    fi
+
     AC_MSG_CHECKING([SELinux mount point])
     if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
       if test -d /sys/fs/selinux ; then
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index dbc4c29..af4fae4 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context)
     return getpidcon_raw(pid, context);
 }
 
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon_raw(const char *context)
+#else
 int setcon_raw(security_context_t context)
+#endif
 {
     if (!is_selinux_enabled()) {
         errno = EINVAL;
@@ -165,13 +169,21 @@ int setcon_raw(security_context_t context)
     return setenv("FAKE_SELINUX_CONTEXT", context, 1);
 }
 
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon(const char *context)
+#else
 int setcon(security_context_t context)
+#endif
 {
     return setcon_raw(context);
 }
 
 
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon_raw(const char *path, const char *con)
+#else
 int setfilecon_raw(const char *path, security_context_t con)
+#endif
 {
     const char *constr = con;
     if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, security_context_t con)
                     constr, strlen(constr), 0);
 }
 
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon(const char *path, const char *con)
+#else
 int setfilecon(const char *path, security_context_t con)
+#endif
 {
     return setfilecon_raw(path, con);
 }
-- 
1.7.9.2


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]