glibc/makedb-fix-build-with-libselinux-3.1.patch
2020-09-23 16:45:03 +08:00

From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-alpha@sourceware.org
Subject: [PATCH] makedb: fix build with libselinux >= 3.1
Date: Tue, 21 Jul 2020 07:01:16 +0200
Message-Id: <20200721050115.204181-1-aurelien@aurel32.net>
URL: http://patchwork.sourceware.org/project/glibc/patch/20200721050115.204181-1-aurelien@aurel32.net/
--------------------------------------------------------------------
glibc doesn't build with libselinux 3.1 that has been released recently
due to new deprecations introduced in that version and the fact that
glibc is built with -Werror by default:
| makedb.c: In function set_file_creation_context:
| makedb.c:849:3: error: security_context_t is deprecated [-Werror=deprecated-declarations]
| 849 | security_context_t ctx;
| | ^~~~~~~~~~~~~~~~~~
| makedb.c:863:3: error: matchpathcon is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
| 863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
| | ^~
| In file included from makedb.c:50:
| /usr/include/selinux/selinux.h:500:12: note: declared here
| 500 | extern int matchpathcon(const char *path,
| | ^~~~~~~~~~~~
| cc1: all warnings being treated as errors
This patch is an attempt to fix that. It has only been build tested, as I do
not have a system nor the knowledge to test that. I have checked that
the functions used as replacement are available since at least selinux
2.0.96, released more than 10 years ago, so we probably do not need any
version check in the configure script.
---
nss/makedb.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
I believe this patch is not acceptable for glibc 2.32, I guess we should
just add a #pragma to ignore -Werror=deprecated-declarations in that
file.
Note: there is the same issue in nscd/selinux.c. I plan to have a look
once we settle on a strategy.
diff --git a/nss/makedb.c b/nss/makedb.c
index 8e389a16837..a5c4b521172 100644
--- a/nss/makedb.c
+++ b/nss/makedb.c
@@ -47,6 +47,7 @@
/* SELinux support. */
#ifdef HAVE_SELINUX
+# include <selinux/label.h>
# include <selinux/selinux.h>
#endif
@@ -846,7 +847,8 @@ set_file_creation_context (const char *outname, mode_t mode)
{
static int enabled;
static int enforcing;
- security_context_t ctx;
+ struct selabel_handle *label_hnd = NULL;
+ char* ctx;
/* Check if SELinux is enabled, and remember. */
if (enabled == 0)
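Review bot: The new declaration `char* ctx;` does not match the pointer style of the surrounding code, which attaches the asterisk to the name (`const char *outname` in the function signature, `struct selabel_handle *label_hnd` one line above); write `char *ctx;`. Since label_hnd is initialized to NULL at its declaration, initializing ctx to NULL here as well would be consistent and would avoid any use of it before the later `ctx = NULL;` assignment.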
@@ -858,9 +860,16 @@ set_file_creation_context (const char *outname, mode_t mode)
if (enforcing == 0)
enforcing = security_getenforce () ? 1 : -1;
+ /* Open the file contexts backend. */
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (!label_hnd)
+ if (setfscreatecon (ctx) != 0)
+ error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
+ gettext ("cannot initialize SELinux context"));
+
/* Determine the context which the file should have. */
ctx = NULL;
- if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
+ if (selabel_lookup(label_hnd, &ctx, outname, S_IFREG | mode) == 0 && ctx != NULL)
{
if (setfscreatecon (ctx) != 0)
error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
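Review bot: The `if (!label_hnd)` failure branch calls `setfscreatecon (ctx)` while ctx is still uninitialized (the `ctx = NULL;` assignment comes only after this block), and the "cannot initialize SELinux context" error is reported only when that call fails rather than whenever selabel_open fails. The nested `if (setfscreatecon (ctx) != 0)` looks like a copy of the later block and should be dropped so the error is raised directly on a NULL handle. In the non-enforcing case error () is called with status 0 and returns, so execution then continues into selabel_lookup with a NULL label_hnd; the branch should return after reporting. The new calls `selabel_open(` and `selabel_lookup(` also lack the space before the parenthesis that the rest of the function uses (`setfscreatecon (ctx)`, `security_getenforce ()`).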
@@ -868,7 +877,11 @@ set_file_creation_context (const char *outname, mode_t mode)
outname);
freecon (ctx);
+ selabel_close(label_hnd);
}
+
+ /* Close the file contexts backend. */
+ selabel_close(label_hnd);
}
static void
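Review bot: selabel_close is called on label_hnd twice on the success path: once inside the if block right after `freecon (ctx);` and again under the "Close the file contexts backend" comment at the end of the function, so the second call operates on a handle that has already been closed. Remove the call inside the block and keep the single close at the end. That final close should only be reached with a valid handle, which an early return on selabel_open failure would guarantee. Both calls also need a space before the parenthesis to match the surrounding style.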