On Tue, Oct 10, 2023 at 1:08 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Mon, Aug 14, 2023 at 9:41 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > The selabel_file(5) option SELABEL_OPT_SUBSET has been deprecated in
> > commit 26e05da0fc2d ("libselinux: matchpathcon/selabel_file: Fix man
> > pages.") for version 2.5.
> >
> > Drop the support to easy refactoring the selabel_file related code.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> > ---
> > libselinux/include/selinux/label.h | 2 +-
> > libselinux/include/selinux/selinux.h | 6 +++++-
> > libselinux/src/Makefile | 4 ++++
> > libselinux/src/label_file.c | 19 ++++++++-----------
> > libselinux/src/label_file.h | 13 ++-----------
> > libselinux/src/matchpathcon.c | 4 +---
> > libselinux/utils/matchpathcon.c | 11 ++---------
> > libselinux/utils/sefcontext_compile.c | 3 +--
> > 8 files changed, 24 insertions(+), 38 deletions(-)
> >
> > diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
> > index ce189a3a..6cb2d782 100644
> > --- a/libselinux/include/selinux/label.h
> > +++ b/libselinux/include/selinux/label.h
> > @@ -50,7 +50,7 @@ struct selabel_handle;
> > #define SELABEL_OPT_BASEONLY 2
> > /* specify an alternate path to use when loading backend data */
> > #define SELABEL_OPT_PATH 3
> > -/* select a subset of the search space as an optimization (file backend) */
> > +/* Unsupported since v3.6: select a subset of the search space as an optimization (file backend) */
> > #define SELABEL_OPT_SUBSET 4
> > /* require a hash calculation on spec files */
> > #define SELABEL_OPT_DIGEST 5
> > diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> > index a0948853..3b23cb50 100644
> > --- a/libselinux/include/selinux/selinux.h
> > +++ b/libselinux/include/selinux/selinux.h
> > @@ -484,7 +484,11 @@ extern int matchpathcon_init(const char *path)
> >
> > /* Same as matchpathcon_init, but only load entries with
> > regexes that have stems that are prefixes of 'prefix'. */
> > -extern int matchpathcon_init_prefix(const char *path, const char *prefix);
> > +extern int matchpathcon_init_prefix(const char *path, const char *prefix)
> > +#ifdef __GNUC__
> > + __attribute__ ((deprecated("Use selabel_open with backend SELABEL_CTX_FILE")))
> > +#endif
> > +;
> >
> > /* Free the memory allocated by matchpathcon_init. */
> > extern void matchpathcon_fini(void)
> > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> > index ac656257..15d224e1 100644
> > --- a/libselinux/src/Makefile
> > +++ b/libselinux/src/Makefile
> > @@ -144,6 +144,10 @@ ifeq ($(DISABLE_X11),y)
> > SRCS:= $(filter-out label_x.c, $(SRCS))
> > endif
> >
> > +# ignore usage of matchpathcon_init_prefix(3)
> > +matchpathcon.o: CFLAGS += -Wno-deprecated -Wno-deprecated-declarations
> > +matchpathcon.lo: CFLAGS += -Wno-deprecated -Wno-deprecated-declarations
> > +
>
> "-Wno-deprecated" means do not warn about deprecated features and
> seems to be about deprecated c++ features. I don't think we need it
> here.
>
> Everything else looks ok to me as long as no distro is depending on
> this deprecated option.
Removing an option flag defined in the public API of libselinux would
be an API and ABI break, requiring a major version change. Not worth
it IMHO.
