On Mon, Feb 24, 2020 at 12:44 PM William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > > > > On Mon, Feb 24, 2020 at 11:00 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> >> On 2/24/20 11:49 AM, William Roberts wrote: >> > On Fri, Feb 21, 2020 at 2:40 AM Petr Lautrbach <plautrba@xxxxxxxxxx >> > <mailto:plautrba@xxxxxxxxxx>> wrote: >> > >> > From: Stephen Smalley <sds@xxxxxxxxxxxxx <mailto:sds@xxxxxxxxxxxxx>> >> > >> > commit 1f89c4e7879fcf6da5d8d1b025dcc03371f30fc9 ("libselinux: Eliminate >> > use of security_compute_user()") eliminated the use of >> > security_compute_user() by get_ordered_context_list(). Deprecate >> > all use of security_compute_user() by updating the headers and man >> > pages and logging a warning message on any calls to it. Remove >> > the example utility that called the interface. While here, also >> > fix the documentation of correct usage of the user argument to these >> > interfaces. >> > >> > Fixes: https://github.com/SELinuxProject/selinux/issues/70 >> > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx >> > <mailto:sds@xxxxxxxxxxxxx>> >> > Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx >> > <mailto:plautrba@xxxxxxxxxx>> >> > --- >> >> > diff --git a/libselinux/include/selinux/selinux.h >> > b/libselinux/include/selinux/selinux.h >> > index 883d8b85742c..6a512b383325 100644 >> > --- a/libselinux/include/selinux/selinux.h >> > +++ b/libselinux/include/selinux/selinux.h >> > @@ -246,8 +246,12 @@ extern int security_compute_member_raw(const >> > char * scon, >> > security_class_t tclass, >> > char ** newcon); >> > >> > -/* Compute the set of reachable user contexts and set *con to refer to >> > - the NULL-terminated array of contexts. Caller must free via >> > freeconary. */ >> > +/* >> > + * Compute the set of reachable user contexts and set *con to refer to >> > + * the NULL-terminated array of contexts. Caller must free via >> > freeconary. >> > + * These interfaces are deprecated. Use get_ordered_context_list() or >> > + * one of its variant interfaces instead. >> > + */ >> > extern int security_compute_user(const char * scon, >> > const char *username, >> > char *** con); >> > >> > >> > Any reason we're not tagging this with __attribute__ ((deprecated));? >> >> Doesn't appear that we've ever used that. Is it widely supported across >> compilers and versions or limited to recent gcc? >> > > Its at least since GCC 3.3 and it's been supported in every clang compiler version I am aware of (linked to 3.3). > https://gcc.gnu.org/onlinedocs/gcc-3.3/gcc/Type-Attributes.html > https://releases.llvm.org/3.3/tools/clang/docs/LanguageExtensions.html > Sorry for the HTML, apparently Google stopped making that my default when replying... >
