From 0ca4dd0cd279448ff28beb4c88e52107531783a3 Mon Sep 17 00:00:00 2001
From: Xu Yandong <xuyandong2@huawei.com>
Date: Tue, 4 Aug 2020 01:44:48 +0000
Subject: [PATCH] Substitute security_context_t with char *
Historically, we've used security_context_t for variables passed
to libselinux APIs. But almost 7 years ago, libselinux developers
admitted in their API that in fact, it's just a 'char *' type
[1]. Ever since then the APIs accept 'char *' instead, but they
kept the old alias just for API stability. Well, not anymore [2].
1: https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
2: https://github.com/SELinuxProject/selinux/commit/7a124ca2758136f49cc38efc26fb1a2d385ecfd9
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
(cherry-picked from commit e71e13488dc1aa65456e54a4b41bc925821b4263)
Signed-off-by: Xu Yandong <xuyandong2@huawei.com>
---
src/libvirt-lxc.c | 2 +-
src/rpc/virnetsocket.c | 2 +-
src/security/security_selinux.c | 26 +++++++++++++-------------
src/storage/storage_util.c | 2 +-
src/util/viridentity.c | 2 +-
tests/securityselinuxhelper.c | 16 ++++++++--------
tests/securityselinuxlabeltest.c | 4 ++--
tests/securityselinuxtest.c | 2 +-
tests/viridentitytest.c | 2 +-
9 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index 47a06a3..25f1cfc 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -204,7 +204,7 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
if (STREQ(model->model, "selinux")) {
#ifdef WITH_SELINUX
if (oldlabel) {
- security_context_t ctx;
+ char *ctx;
if (getcon(&ctx) < 0) {
virReportSystemError(errno,
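Review bot: `char *ctx;` is left uninitialised here, while most other declarations touched by this patch start at NULL (`char *seccon = NULL;`, `char *econ = NULL;`, `char *fcon = NULL;`). getcon() only promises to fill the pointer on success, so any later cleanup path that calls freecon() would work with an indeterminate value; `char *ctx = NULL;` removes that dependency. The same applies to `char *pctx;` in virSecuritySELinuxReserveLabel, `char *ctx;` in virSecuritySELinuxGetProcessLabel and `char *con;` in virIdentityGetSystem. The bodies of these functions continue outside the hunks, so whether any path actually reaches a free after a failed lookup cannot be confirmed from here.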
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 6c790cb..5537289 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1595,7 +1595,7 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock G_GNUC_UNUSED,
int virNetSocketGetSELinuxContext(virNetSocketPtr sock,
char **context)
{
- security_context_t seccon = NULL;
+ char *seccon = NULL;
int ret = -1;
*context = NULL;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 8aeb6e4..72d1658 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -198,7 +198,7 @@ virSecuritySELinuxTransactionAppend(const char *path,
static int
virSecuritySELinuxRememberLabel(const char *path,
- const security_context_t con)
+ const char *con)
{
return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME,
path, con);
@@ -207,7 +207,7 @@ virSecuritySELinuxRememberLabel(const char *path,
static int
virSecuritySELinuxRecallLabel(const char *path,
- security_context_t *con)
+ char **con)
{
int rv;
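Review bot: With the parameter now spelled `char **con`, nothing in the signature of virSecuritySELinuxRecallLabel says which deallocator the caller owes for `*con`. The old `security_context_t *` at least hinted at freecon(); a plain string out-parameter invites a mix of freecon() and g_free()/VIR_FREE() across callers. A short comment above the function would settle it, for example `/* On success *con is a newly allocated string owned by the caller; release it with <deallocator>. */`, with the deallocator filled in from the function body, which lies outside this hunk. The same question applies to `char **fcon` in getContext.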
@@ -431,7 +431,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
int *catMin,
int *catMax)
{
- security_context_t ourSecContext = NULL;
+ char *ourSecContext = NULL;
context_t ourContext = NULL;
char *cat = NULL;
char *tmp;
@@ -530,8 +530,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
}
static char *
-virSecuritySELinuxContextAddRange(security_context_t src,
- security_context_t dst)
+virSecuritySELinuxContextAddRange(char *src,
+ char *dst)
{
char *str = NULL;
char *ret = NULL;
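Review bot: `virSecuritySELinuxContextAddRange(char *src, char *dst)` takes both contexts as mutable strings, whereas virSecuritySELinuxRememberLabel in the same file became `const char *con` in this patch. If the body only reads the two contexts (it continues outside the hunk, so this is an assumption), the parameters could be `const char *src` and `const char *dst`, which lets the compiler reject accidental writes into a label string.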
@@ -575,7 +575,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
context_t context = NULL;
char *ret = NULL;
char *str;
- security_context_t ourSecContext = NULL;
+ char *ourSecContext = NULL;
context_t ourContext = NULL;
VIR_DEBUG("basecontext=%s mcs=%s isObjectContext=%d",
@@ -967,7 +967,7 @@ virSecuritySELinuxReserveLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
pid_t pid)
{
- security_context_t pctx;
+ char *pctx;
context_t ctx = NULL;
const char *mcs;
int rv;
@@ -1217,7 +1217,7 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
pid_t pid,
virSecurityLabelPtr sec)
{
- security_context_t ctx;
+ char *ctx;
if (getpidcon_raw(pid, &ctx) == -1) {
virReportSystemError(errno,
@@ -1330,7 +1330,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
bool remember)
{
bool privileged = virSecurityManagerGetPrivileged(mgr);
- security_context_t econ = NULL;
+ char *econ = NULL;
int refcount;
int rc;
bool rollback = false;
@@ -1440,7 +1440,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
/* Set fcon to the appropriate label for path and mode, or return -1. */
static int
getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
- const char *newpath, mode_t mode, security_context_t *fcon)
+ const char *newpath, mode_t mode, char **fcon)
{
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -1457,7 +1457,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
{
bool privileged = virSecurityManagerGetPrivileged(mgr);
struct stat buf;
- security_context_t fcon = NULL;
+ char *fcon = NULL;
char *newpath = NULL;
int rc;
int ret = -1;
@@ -2972,7 +2972,7 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
{
/* TODO: verify DOI */
virSecurityLabelDefPtr secdef;
- security_context_t scon = NULL;
+ char *scon = NULL;
char *str = NULL;
int rc = -1;
@@ -3259,7 +3259,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
int fd)
{
struct stat buf;
- security_context_t fcon = NULL;
+ char *fcon = NULL;
virSecurityLabelDefPtr secdef;
char *str = NULL, *proc = NULL, *fd_path = NULL;
int rc = -1;
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index 1ec1d13..4c67d3a 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -1818,7 +1818,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSourcePtr target,
struct stat *sb)
{
#if WITH_SELINUX
- security_context_t filecon = NULL;
+ char *filecon = NULL;
#endif
if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 8cc2db2..2cb9042 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -157,7 +157,7 @@ virIdentityPtr virIdentityGetSystem(void)
unsigned long long startTime;
g_autoptr(virIdentity) ret = NULL;
#if WITH_SELINUX
- security_context_t con;
+ char *con;
#endif
if (!(ret = virIdentityNew()))
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index f89224c..63b5726 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -58,7 +58,7 @@ static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
unsigned nopts);
static void (*real_selabel_close)(struct selabel_handle *handle);
static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
- security_context_t *con,
+ char **con,
const char *key,
int type);
@@ -94,7 +94,7 @@ static void init_syms(void)
* the virt_use_nfs bool is set.
*/
-int getcon_raw(security_context_t *context)
+int getcon_raw(char **context)
{
if (!is_selinux_enabled()) {
errno = EINVAL;
@@ -109,12 +109,12 @@ int getcon_raw(security_context_t *context)
return 0;
}
-int getcon(security_context_t *context)
+int getcon(char **context)
{
return getcon_raw(context);
}
-int getpidcon_raw(pid_t pid, security_context_t *context)
+int getpidcon_raw(pid_t pid, char **context)
{
if (!is_selinux_enabled()) {
errno = EINVAL;
@@ -134,7 +134,7 @@ int getpidcon_raw(pid_t pid, security_context_t *context)
return 0;
}
-int getpidcon(pid_t pid, security_context_t *context)
+int getpidcon(pid_t pid, char **context)
{
return getpidcon_raw(pid, context);
}
@@ -170,7 +170,7 @@ int setfilecon(const char *path, const char *con)
return setfilecon_raw(path, con);
}
-int getfilecon_raw(const char *path, security_context_t *con)
+int getfilecon_raw(const char *path, char **con)
{
char *constr = NULL;
ssize_t len = getxattr(path, "user.libvirt.selinux",
@@ -194,7 +194,7 @@ int getfilecon_raw(const char *path, security_context_t *con)
}
-int getfilecon(const char *path, security_context_t *con)
+int getfilecon(const char *path, char **con)
{
return getfilecon_raw(path, con);
}
@@ -315,7 +315,7 @@ void selabel_close(struct selabel_handle *handle)
}
int selabel_lookup_raw(struct selabel_handle *handle,
- security_context_t *con,
+ char **con,
const char *key,
int type)
{
diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 3040a36..50b447c 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -252,7 +252,7 @@ static int
testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles)
{
size_t i;
- security_context_t ctx;
+ char *ctx;
for (i = 0; i < nfiles; i++) {
ctx = NULL;
@@ -360,7 +360,7 @@ mymain(void)
if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
ret = -1;
- setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
+ setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
DO_TEST_LABELING("kernel");
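Review bot: The result of `setcon("system_r:system_u:libvirtd_t:s0:c0.c1023")` is discarded, so if setting the process context fails, the labelling tests below still run and compare against a context that was never applied. Since the DO_TEST_LABELING macro already records failures with `ret = -1;`, the call could do the same: `if (setcon("system_r:system_u:libvirtd_t:s0:c0.c1023") < 0) ret = -1;`. mymain starts and ends outside this hunk, so how `ret` is finally reported is not visible here.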
diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
index 6c8314d..3f069c2 100644
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@@ -217,7 +217,7 @@ testSELinuxGenLabel(const void *opaque)
context_t con = NULL;
context_t imgcon = NULL;
- if (setcon_raw((security_context_t)data->pidcon) < 0) {
+ if (setcon_raw(data->pidcon) < 0) {
perror("Cannot set process security context");
return -1;
}
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index 3f87af1..9a8c891 100644
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -120,7 +120,7 @@ static int testIdentityGetSystem(const void *data)
static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
{
#if WITH_SELINUX
- return setcon_raw((security_context_t)data);
+ return setcon_raw(data);
#else
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
return EXIT_AM_SKIP;
--
2.25.4