From nobody Sat Feb  7 12:37:18 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1728992058510147.8506077663518;
 Tue, 15 Oct 2024 04:34:18 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 70C051883; Tue, 15 Oct 2024 07:34:17 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 67A1D177C;
	Tue, 15 Oct 2024 07:22:47 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id D7684185C; Tue, 15 Oct 2024 07:22:44 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id C982C17F8
	for <devel@lists.libvirt.org>; Tue, 15 Oct 2024 07:19:35 -0400 (EDT)
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-499-mYGVQQr_M1GgKEBzZA7xew-1; Tue,
 15 Oct 2024 07:19:34 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 986D61955F68
	for <devel@lists.libvirt.org>; Tue, 15 Oct 2024 11:19:33 +0000 (UTC)
Received: from toolbox.redhat.com (unknown [10.42.28.118])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 9A3993000198;
	Tue, 15 Oct 2024 11:19:32 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,
	RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED,
	SPF_HELO_NONE autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1728991175;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=eii37ZF5uMEHrKEMSjX2wqo8Oj8m2H9HBIBbhBJY2RU=;
	b=Q1aOM+rJ4kAD+Qbqgh60O07bGv0tdsj/SFH7cTuXumiAgzLaPeOyYYD9VAiWOvkf/RQw4g
	KfTLzzaldLkoq5Yoj5lR81zEqEHbsLYGU/Y9zXJd0ZZ/9LrDzebFQjeIp79Rb17srJmSz0
	v0edClD+nUYNLVvFYfqRwVIBuMau0LA=
X-MC-Unique: mYGVQQr_M1GgKEBzZA7xew-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: devel@lists.libvirt.org
Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH 3/5] tests: stop stubbing libselinux APIs for purpose of data
 overrides
Date: Tue, 15 Oct 2024 12:19:22 +0100
Message-ID: <20241015111924.212483-4-berrange@redhat.com>
In-Reply-To: <20241015111924.212483-1-berrange@redhat.com>
References: <20241015111924.212483-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: PUMUXUEPJTECAIMY7PTMIVD3ZALOZAM2
X-Message-ID-Hash: PUMUXUEPJTECAIMY7PTMIVD3ZALOZAM2
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/PUMUXUEPJTECAIMY7PTMIVD3ZALOZAM2/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1728992059258116600
Content-Type: text/plain; charset="utf-8"

We currently create stub 'setcon', 'setcon_raw' and 'security_disable'
APIs in the securityselinuxhelper.c mock, which set env variables to
control how other mock'd libselinux APIs respond.  These stubs merely
set some env variables, and we have no need to call these stubs from
the library code, only test code.

The 'security_disable' API is now deprecated in libselinux, so we
stubbing it generates compiler warnings. Rather than workaround that,
just stop stubbing these APIs and set the required env variables
directly. With this change, we now only mock API calls we actually
use from the library code.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 tests/securityselinuxhelper.c    | 25 -------------------------
 tests/securityselinuxlabeltest.c |  5 ++++-
 tests/securityselinuxtest.c      |  2 +-
 tests/viridentitytest.c          |  4 ++--
 4 files changed, 7 insertions(+), 29 deletions(-)

diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index c32c90c17e..e5ded96485 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -131,21 +131,6 @@ int getpidcon(pid_t pid, char **context)
     return getpidcon_raw(pid, context);
 }
=20
-int setcon_raw(const char *context)
-{
-    if (!is_selinux_enabled()) {
-        errno =3D EINVAL;
-        return -1;
-    }
-    return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) =3D=3D TRUE ? 0=
 : -1;
-}
-
-int setcon(const char *context)
-{
-    return setcon_raw(context);
-}
-
-
 int setfilecon_raw(const char *path, const char *con)
 {
     const char *constr =3D con;
@@ -209,16 +194,6 @@ int is_selinux_enabled(void)
     return getenv("FAKE_SELINUX_DISABLED") =3D=3D NULL;
 }
=20
-int security_disable(void)
-{
-    if (!is_selinux_enabled()) {
-        errno =3D ENOENT;
-        return -1;
-    }
-
-    return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) =3D=3D TRUE ? 0 : =
-1;
-}
-
 int security_getenforce(void)
 {
     if (!is_selinux_enabled()) {
diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt=
est.c
index 43db128b3a..666e942630 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -333,7 +333,10 @@ mymain(void)
     if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
         ret =3D -1;
=20
-    setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
+    if (!g_setenv("FAKE_SELINUX_CONTEXT", "system_r:system_u:libvirtd_t:s0=
:c0.c1023", TRUE)) {
+        perror("Cannot set process security context");
+        return EXIT_FAILURE;
+    }
=20
     DO_TEST_LABELING("disks");
     DO_TEST_LABELING("kernel");
diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
index 6aadc6154f..a4b2c3683d 100644
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@@ -211,7 +211,7 @@ testSELinuxGenLabel(const void *opaque)
     context_t con =3D NULL;
     context_t imgcon =3D NULL;
=20
-    if (setcon_raw(data->pidcon) < 0) {
+    if (!g_setenv("FAKE_SELINUX_CONTEXT", data->pidcon, TRUE)) {
         perror("Cannot set process security context");
         return -1;
     }
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index 74e3a03619..a971f8bd18 100644
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -124,7 +124,7 @@ static int testIdentityGetSystem(const void *data)
 static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
 {
 #if WITH_SELINUX
-    return setcon_raw(data);
+    return g_setenv("FAKE_SELINUX_CONTEXT", data, TRUE) =3D=3D TRUE ? 0 : =
-1;
 #else
     VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
     return EXIT_AM_SKIP;
@@ -134,7 +134,7 @@ static int testSetFakeSELinuxContext(const void *data G=
_GNUC_UNUSED)
 static int testDisableFakeSELinux(const void *data G_GNUC_UNUSED)
 {
 #if WITH_SELINUX
-    return security_disable();
+    return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) =3D=3D TRUE ? 0 : =
-1;
 #else
     VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
     return EXIT_AM_SKIP;
--=20
2.46.0