NotificationsYou must be signed in to change notification settings
Fork4.9k
Star17.7k

Commit0f5812d

committed

Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/

Upstream SELinux has recently marked security_context_t as officiallydeprecated, causing warnings with -Wdeprecated-declarations. This isconsidered as legacy code for some time now by upstream assecurity_context_t got removed from most of the code tree during thedevelopment of 2.3 back in 2014.This removes all the references to security_context_t in sepgsql/ to beconsistent with SELinux, fixing the warnings. Note that this does notimpact the minimum version of libselinux supported.This has been applied first as1f32136 for 14~, but no other branchesgot the call. This is in line with the recent project policy to have nowarnings in branches where builds should still be supported (9.2~ as oftoday). Per discussion with Tom Lane and Álvaro Herrera.Reviewed-by: Tom LaneDiscussion:https://postgr.es/m/20200813012735.GC11663@paquier.xyzDiscussion:https://postgr.es/m/20221103181028.raqta27jcuypor4l@alvherre.pgsqlBackpatch-through: 9.2

1 parent57dfb6c commit0f5812dCopy full SHA for 0f5812d

File tree

3 files changed

+12

-12

lines changed

contrib/sepgsql

3 files changed

+12

-12

lines changed

`‎contrib/sepgsql/label.c`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ sepgsql_set_client_label(const char *new_label)`
`130`	`130`	`tcontext=client_label_peer;`
`131`	`131`	`else`
`132`	`132`	`{`
`133`		`-if (security_check_context_raw((security_context_t)new_label)<0)`
	`133`	`+if (security_check_context_raw(new_label)<0)`
`134`	`134`	`ereport(ERROR,`
`135`	`135`	`(errcode(ERRCODE_INVALID_NAME),`
`136`	`136`	`errmsg("SELinux: invalid security label: \"%s\"",`
`@@ -470,9 +470,9 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId)`
`470`	`470`	`object.objectSubId=subId;`
`471`	`471`
`472`	`472`	`label=GetSecurityLabel(&object,SEPGSQL_LABEL_TAG);`
`473`		`-if (!label\|\|security_check_context_raw((security_context_t)label))`
	`473`	`+if (!label\|\|security_check_context_raw(label))`
`474`	`474`	`{`
`475`		`-security_context_tunlabeled;`
	`475`	`+char*unlabeled;`
`476`	`476`
`477`	`477`	`if (security_get_initial_context_raw("unlabeled",&unlabeled)<0)`
`478`	`478`	`ereport(ERROR,`
`@@ -507,7 +507,7 @@ sepgsql_object_relabel(const ObjectAddress object, const char seclabel)`
`507`	`507`	`* context of selinux.`
`508`	`508`	`*/`
`509`	`509`	`if (seclabel&&`
`510`		`-security_check_context_raw((security_context_t)seclabel)<0)`
	`510`	`+security_check_context_raw(seclabel)<0)`
`511`	`511`	`ereport(ERROR,`
`512`	`512`	`(errcode(ERRCODE_INVALID_NAME),`
`513`	`513`	`errmsg("SELinux: invalid security label: \"%s\"",seclabel)));`
`@@ -746,7 +746,7 @@ exec_object_restorecon(struct selabel_handle * sehnd, Oid catalogId)`
`746`	`746`	`char*objname;`
`747`	`747`	`intobjtype=1234;`
`748`	`748`	`ObjectAddressobject;`
`749`		`-security_context_tcontext;`
	`749`	`+char*context;`
`750`	`750`
`751`	`751`	`/*`
`752`	`752`	`* The way to determine object name depends on object classes. So, any`

`‎contrib/sepgsql/selinux.c`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -767,8 +767,8 @@ sepgsql_compute_avd(const char *scontext,`
`767`	`767`	`* Ask SELinux what is allowed set of permissions on a pair of the`
`768`	`768`	`* security contexts and the given object class.`
`769`	`769`	`*/`
`770`		`-if (security_compute_av_flags_raw((security_context_t)scontext,`
`771`		`-(security_context_t)tcontext,`
	`770`	`+if (security_compute_av_flags_raw(scontext,`
	`771`	`+tcontext,`
`772`	`772`	`tclass_ex,0,&avd_ex)<0)`
`773`	`773`	`ereport(ERROR,`
`774`	`774`	`(errcode(ERRCODE_INTERNAL_ERROR),`
`@@ -839,7 +839,7 @@ sepgsql_compute_create(const char *scontext,`
`839`	`839`	`uint16tclass,`
`840`	`840`	`constchar*objname)`
`841`	`841`	`{`
`842`		`-security_context_tncontext;`
	`842`	`+char*ncontext;`
`843`	`843`	`security_class_ttclass_ex;`
`844`	`844`	`constchar*tclass_name;`
`845`	`845`	`char*result;`
`@@ -854,8 +854,8 @@ sepgsql_compute_create(const char *scontext,`
`854`	`854`	`* Ask SELinux what is the default context for the given object class on a`
`855`	`855`	`* pair of security contexts`
`856`	`856`	`*/`
`857`		`-if (security_compute_create_name_raw((security_context_t)scontext,`
`858`		`-(security_context_t)tcontext,`
	`857`	`+if (security_compute_create_name_raw(scontext,`
	`858`	`+tcontext,`
`859`	`859`	`tclass_ex,`
`860`	`860`	`objname,`
`861`	`861`	`&ncontext)<0)`

`‎contrib/sepgsql/uavc.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -177,7 +177,7 @@ sepgsql_avc_unlabeled(void)`
`177`	`177`	`{`
`178`	`178`	`if (!avc_unlabeled)`
`179`	`179`	`{`
`180`		`-security_context_tunlabeled;`
	`180`	`+char*unlabeled;`
`181`	`181`
`182`	`182`	`if (security_get_initial_context_raw("unlabeled",&unlabeled)<0)`
`183`	`183`	`ereport(ERROR,`
`@@ -225,7 +225,7 @@ sepgsql_avc_compute(const char scontext, const char tcontext, uint16 tclass)`
`225`	`225`	`* policy is reloaded, validation status shall be kept, so we also cache`
`226`	`226`	`* whether the supplied security context was valid, or not.`
`227`	`227`	`*/`
`228`		`-if (security_check_context_raw((security_context_t)tcontext)!=0)`
	`228`	`+if (security_check_context_raw(tcontext)!=0)`
`229`	`229`	`ucontext=sepgsql_avc_unlabeled();`
`230`	`230`
`231`	`231`	`/*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0f5812d

File tree

3 files changed

3 files changed

`‎contrib/sepgsql/label.c`

`‎contrib/sepgsql/selinux.c`

`‎contrib/sepgsql/uavc.c`

0 commit comments