8000 Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/ · postgres/postgres@c58c077 · GitHub
[go: up one dir, main page]
Skip to content

Commit c58c077

Browse files
michaelpqmichaelpq
committed
Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/
Upstream SELinux has recently marked security_context_t as officially deprecated, causing warnings with -Wdeprecated-declarations. This is considered as legacy code for some time now by upstream as security_context_t got removed from most of the code tree during the development of 2.3 back in 2014. This removes all the references to security_context_t in sepgsql/ to be consistent with SELinux, fixing the warnings. Note that this does not impact the minimum version of libselinux supported. This has been applied first as 1f32136 for 14~, but no other branches got the call. This is in line with the recent project policy to have no warnings in branches where builds should still be supported (9.2~ as of today). Per discussion with Tom Lane and Álvaro Herrera. Reviewed-by: Tom Lane Discussion: https://postgr.es/m/20200813012735.GC11663@paquier.xyz Discussion: https://postgr.es/m/20221103181028.raqta27jcuypor4l@alvherre.pgsql Backpatch-through: 9.2
1 parent fec4434 commit c58c077

File tree

3 files changed

+12
-12
lines changed

3 files changed

+12
-12
lines changed

contrib/sepgsql/label.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,7 @@ sepgsql_set_client_label(const char *new_label)
129129
tcontext = client_label_peer;
130130
else
131131
{
132-
if (security_check_context_raw((security_context_t) new_label) < 0)
132+
if (security_check_context_raw(new_label) < 0)
133133
ereport(ERROR,
134134
(errcode(ERRCODE_INVALID_NAME),
135135
errmsg("SELinux: invalid security label: \"%s\"",
@@ -451,9 +451,9 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
451451
object.objectSubId = subId;
452452

453453
label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
454-
if (!label || security_check_context_raw((security_context_t) label))
454+
if (!label || security_check_context_raw(label))
455455
{
456-
security_context_t unlabeled;
456+
char *unlabeled;
457457

458458
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
459459
ereport(ERROR,
@@ -488,7 +488,7 @@ sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)
488488
* context of selinux.
489489
*/
490490
if (seclabel &&
491-
security_check_context_raw((security_context_t) seclabel) < 0)
491+
security_check_context_raw(seclabel) < 0)
492492
ereport(ERROR,
493493
(errcode(ERRCODE_INVALID_NAME),
494494
errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
@@ -727,7 +727,7 @@ exec_object_restorecon(struct selabel_handle * sehnd, Oid catalogId)
727727
char *objname;
728728
int objtype = 1234;
729729
ObjectAddress object;
730-
security_context_t context;
730+
char *context;
731731

732732
/*
733733
* The way to determine object name depends on object classes. So, any

contrib/sepgsql/selinux.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -767,8 +767,8 @@ sepgsql_compute_avd(const char *scontext,
767767
* Ask SELinux what is allowed set of permissions on a pair of the
768768
* security contexts and the given object class.
769769
*/
770-
if (security_compute_av_flags_raw((security_context_t) scontext,
771-
(security_context_t) tcontext,
770+
if (security_compute_av_flags_raw(scontext,
771+
tcontext,
772772
tclass_ex, 0, &avd_ex) < 0)
773773
ereport(ERROR,
774774
(errcode(ERRCODE_INTERNAL_ERROR),
@@ -838,7 +838,7 @@ sepgsql_compute_create(const char *scontext,
838838
const char *tcontext,
839839
uint16 tclass)
840840
{
841-
security_context_t ncontext;
841+
char *ncontext;
842842
security_class_t tclass_ex;
843843
const char *tclass_name;
844844
char *result;
@@ -853,8 +853,8 @@ sepgsql_compute_create(const char *scontext,
853853
* Ask SELinux what is the default context for the given object class on a
854854
* pair of security contexts
855855
*/
856-
if (security_compute_create_raw((security_context_t) scontext,
857-
(security_context_t) tcontext,
856+
if (security_compute_create_raw(scontext,
857+
tcontext,
858858
tclass_ex, &ncontext) < 0)
859859
ereport(ERROR,
860860 BAE5
(errcode(ERRCODE_INTERNAL_ERROR),

contrib/sepgsql/uavc.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ sepgsql_avc_unlabeled(void)
177177
{
178178
if (!avc_unlabeled)
179179
{
180-
security_context_t unlabeled;
180+
char *unlabeled;
181181

182182
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
183183
ereport(ERROR,
@@ -225,7 +225,7 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
225225
* policy is reloaded, validation status shall be kept, so we also cache
226226
* whether the supplied security context was valid, or not.
227227
*/
228-
if (security_check_context_raw((security_context_t) tcontext) != 0)
228+
if (security_check_context_raw(tcontext) != 0)
229229
ucontext = sepgsql_avc_unlabeled();
230230

231231
/*

0 commit comments

Comments
 (0)
0