packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
glibc/makedb-fix-build-with-libselinux-3.1.patch

94 lines
3.4 KiB
Diff
Raw Normal View History

fix build with libselinux >= 3.1
2020-09-22 23:57:20 +08:00
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-alpha@sourceware.org
Subject: [PATCH] makedb: fix build with libselinux >= 3.1
Date: Tue, 21 Jul 2020 07:01:16 +0200
Message-Id: <20200721050115.204181-1-aurelien@aurel32.net>
URL: http://patchwork.sourceware.org/project/glibc/patch/20200721050115.204181-1-aurelien@aurel32.net/
--------------------------------------------------------------------
glibc doesn't build with libselinux 3.1 that has been released recently
due to new deprecations introduced in that version and the fact that
glibc is built with -Werror by default:
| makedb.c: In function set_file_creation_context:
| makedb.c:849:3: error: security_context_t is deprecated [-Werror=deprecated-declarations]
| 849 | security_context_t ctx;
| | ^~~~~~~~~~~~~~~~~~
| makedb.c:863:3: error: matchpathcon is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
| 863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
| | ^~
| In file included from makedb.c:50:
| /usr/include/selinux/selinux.h:500:12: note: declared here
| 500 | extern int matchpathcon(const char *path,
| | ^~~~~~~~~~~~
| cc1: all warnings being treated as errors
This patch is an attempt to fix that. It has only built tested, as I do
not have a system nor the knowledge to test that. I have checked that
the functions used as replacement are available since at least selinux
2.0.96, released more than 10 years ago, so we probably do not need any
version check in the configure script.
---
nss/makedb.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
I believe this patch is not acceptable for glibc 2.32, I guess we should
just add a #pragma to ignore -Werror=deprecated-declarations in that
file.
Note: there is the same issue in nscd/selinux.c. I plan to have a look
once we settle on a strategy.
diff --git a/nss/makedb.c b/nss/makedb.c
index 8e389a16837..a5c4b521172 100644
--- a/nss/makedb.c
+++ b/nss/makedb.c
@@ -47,6 +47,7 @@
/* SELinux support. */
#ifdef HAVE_SELINUX
+# include <selinux/label.h>
# include <selinux/selinux.h>
#endif
@@ -846,7 +847,8 @@ set_file_creation_context (const char *outname, mode_t mode)
{
static int enabled;
static int enforcing;
- security_context_t ctx;
+ struct selabel_handle *label_hnd = NULL;
+ char* ctx;
/* Check if SELinux is enabled, and remember. */
if (enabled == 0)
@@ -858,9 +860,16 @@ set_file_creation_context (const char *outname, mode_t mode)
if (enforcing == 0)
enforcing = security_getenforce () ? 1 : -1;
+ /* Open the file contexts backend. */
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (!label_hnd)
+ if (setfscreatecon (ctx) != 0)
+ error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
+ gettext ("cannot initialize SELinux context"));
+
/* Determine the context which the file should have. */
ctx = NULL;
- if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
+ if (selabel_lookup(label_hnd, &ctx, outname, S_IFREG | mode) == 0 && ctx != NULL)
{
if (setfscreatecon (ctx) != 0)
error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
@@ -868,7 +877,11 @@ set_file_creation_context (const char *outname, mode_t mode)
outname);
freecon (ctx);
+ selabel_close(label_hnd);
}
+
+ /* Close the file contexts backend. */
+ selabel_close(label_hnd);
}
static void
Reference in New Issue Copy Permalink