E585 Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/ · postgres/postgres@9172375 · GitHub
[go: up one dir, main page]
Skip to content

Commit 9172375

Browse files
michaelpqmichaelpq
committed
Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/
Upstream SELinux has recently marked security_context_t as officially deprecated, causing warnings with -Wdeprecated-declarations. This is considered as legacy code for some time now by upstream as security_context_t got removed from most of the code tree during the development of 2.3 back in 2014. This removes all the references to security_context_t in sepgsql/ to be consistent with SELinux, fixing the warnings. Note that this does not impact the minimum version of libselinux supported. This has been applied first as 1f32136 for 14~, but no other branches got the call. This is in line with the recent project policy to have no warnings in branches where builds should still be supported (9.2~ as of today). Per discussion with Tom Lane and Álvaro Herrera. Reviewed-by: Tom Lane Discussion: https://postgr.es/m/20200813012735.GC11663@paquier.xyz Discussion: https://postgr.es/m/20221103181028.raqta27jcuypor4l@alvherre.pgsql Backpatch-through: 9.2
1 parent 679c394 commit 9172375

File tree

3 files changed

+12
-12
lines changed

3 files changed

+12
-12
lines changed

contrib/sepgsql/label.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -122,7 +122,7 @@ sepgsql_set_client_label(const char *new_label)
122122
tcontext = client_label_peer;
123123
else
124124
{
125-
if (security_check_context_raw((security_context_t) new_label) < 0)
125+
if (security_check_context_raw(new_label) < 0)
126126
ereport(ERROR,
127127
(errcode(ERRCODE_INVALID_NAME),
128128
errmsg("SELinux: invalid security label: \"%s\"",
@@ -462,9 +462,9 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
462462
object.objectSubId = subId;
463463

464464
label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
465-
if (!label || security_check_context_raw((security_context_t) label))
465+
if (!label || security_check_context_raw(label))
466466
{
467-
security_context_t unlabeled;
467+
char *unlabeled;
468468

469469
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
470470
ereport(ERROR,
@@ -499,7 +499,7 @@ sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)
499499
* context of selinux.
500500
*/
501501
if (seclabel &&
502-
security_check_context_raw((security_context_t) seclabel) < 0)
502+
security_check_context_raw(seclabel) < 0)
503503
ereport(ERROR,
504504
(errcode(ERRCODE_INVALID_NAME),
505505
errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
@@ -741,7 +741,7 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
741741
char *objname;
742742
int objtype = 1234;
743743
ObjectAddress object;
744-
security_context_t context;
744+
char *context;
745745

746746
/*
747747
* The way to determine object name depends on object classes. So, any

contrib/sepgsql/selinux.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -767,8 +767,8 @@ sepgsql_compute_avd(const char *scontext,
767767
* Ask SELinux what is allowed set of permissions on a pair of the
768768
* security contexts and the given object class.
769769
*/
770-
if (security_compute_av_flags_raw((security_context_t) scontext,
771-
(security_context_t) tcontext,
770+
if (security_compute_av_flags_raw(scontext,
771+
tcontext,
772772
tclass_ex, 0, &avd_ex) < 0)
773773
ereport(ERROR,
774774
(errcode(ERRCODE_INTERNAL_ERROR),
@@ -839,7 +839,7 @@ sepgsql_compute_create(const char *scontext,
839839
uint16 tclass,
840840
const char *objname)
841841
{
842-
security_context_t ncontext;
842+
char *ncontext;
843843
security_class_t tclass_ex;
844844
const char *tclass_name;
845845
char *result;
@@ -854,8 +854,8 @@ sepgsql_compute_create(const char *scontext,
854854
* Ask SELinux what is the default context for the given object class on a
855855
* pair of security contexts
856856
*/
857-
if (security_compute_create_name_raw((security_context_t) scontext,
858-
(security_context_t) tcontext,
857+
if (security_compute_create_name_raw(scontext,
858+
tcontext,
859859
tclass_ex,
860860
objname,
861861
&ncontext) < 0)

contrib/sepgsql/uavc.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ sepgsql_avc_unlabeled(void)
177177
{
178178
if (!avc_unlabeled)
179179
{
180-
security_context_t unlabeled;
180+
char *unlabeled;
181181

182182
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
183183
ereport(ERROR,
@@ -225,7 +225,7 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
225225
* policy is reloaded, validation status shall be kept, so we also cache
226226
* whether the supplied security context was valid, or not.
227227
*/
228-
if (security_check_context_raw((security_context_t) tcontext) != 0)
228+
if (security_check_context_raw(tcontext) != 0)
229229
ucontext = sepgsql_avc_unlabeled();
230230

231231
/*

0 commit comments

Comments
 (0)
0