From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH] Substitute security_context_t with char *
Date: Wed, 15 Jul 2020 13:45:40 +0200
Message-Id: <816ef276133943dd36a1fe71078f729a433b14d2.1594813540.git.mprivozn@redhat.com>

Historically, we've used security_context_t for variables passed
to libselinux APIs. But almost 7 years ago, libselinux developers
admitted in their API that in fact, it's just a 'char *' type
[1]. Ever since then the APIs accept 'char *' instead, but they
kept the old alias just for API stability. Well, not anymore [2].

1: https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
2: https://github.com/SELinuxProject/selinux/commit/7a124ca2758136f49cc38efc26fb1a2d385ecfd9

Signed-off-by: Michal Privoznik
Reviewed-by: Andrea Bolognani
---
 src/libvirt-lxc.c                |  2 +-
 src/rpc/virnetsocket.c           |  2 +-
 src/security/security_selinux.c  | 26 +++++++++++++-------------
 src/storage/storage_util.c       |  2 +-
 src/util/viridentity.c           |  2 +-
 tests/securityselinuxhelper.c    | 16 ++++++++--------
 tests/securityselinuxlabeltest.c |  4 ++--
 tests/securityselinuxtest.c      |  2 +-
 tests/viridentitytest.c          |  2 +-
 9 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c index 47a06a39f2..25f1cfc5f7 100644 --- a/src/libvirt-lxc.c +++ b/src/libvirt-lxc.c @@ -204,7 +204,7 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr mode= l, if (STREQ(model->model, "selinux")) { #ifdef WITH_SELINUX if (oldlabel) { - security_context_t ctx; + char *ctx; =20 if (getcon(&ctx) < 0) { virReportSystemError(errno, diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index c62c2fb3fc..9aaabb4577 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -1612,7 +1612,7 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock = G_GNUC_UNUSED, int virNetSocketGetSELinuxContext(virNetSocketPtr sock, char **context) { - security_context_t seccon =3D NULL; + char *seccon =3D NULL; int ret =3D -1; =20 *context =3D NULL; diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 1d28430035..cc8fb1099c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -198,7 +198,7 @@ virSecuritySELinuxTransactionAppend(const char *path, =20 static int virSecuritySELinuxRememberLabel(const char *path, - const security_context_t con) + const char *con) { return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME, path, con); @@ -207,7 +207,7 @@ virSecuritySELinuxRememberLabel(const char *path, =20 static int virSecuritySELinuxRecallLabel(const char *path, - security_context_t *con) + char **con) { int rv; =20 @@ -431,7 +431,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, int *catMin, int *catMax) { - security_context_t ourSecContext =3D NULL; + char *ourSecContext =3D NULL; context_t ourContext =3D NULL; char *cat =3D NULL; char *tmp; @@ -530,8 +530,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, } =20 static char * -virSecuritySELinuxContextAddRange(security_context_t src, - security_context_t dst) +virSecuritySELinuxContextAddRange(char *src, + char *dst) { char *str =3D NULL; char *ret =3D NULL; 
@@ -575,7 +575,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext, context_t context =3D NULL; char *ret =3D NULL; char *str; - security_context_t ourSecContext =3D NULL; + char *ourSecContext =3D NULL; context_t ourContext =3D NULL; =20 VIR_DEBUG("basecontext=3D%s mcs=3D%s isObjectContext=3D%d", @@ -955,7 +955,7 @@ virSecuritySELinuxReserveLabel(virSecurityManagerPtr mg= r, virDomainDefPtr def, pid_t pid) { - security_context_t pctx; + char *pctx; context_t ctx =3D NULL; const char *mcs; int rv; @@ -1203,7 +1203,7 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerP= tr mgr G_GNUC_UNUSED, pid_t pid, virSecurityLabelPtr sec) { - security_context_t ctx; + char *ctx; =20 if (getpidcon_raw(pid, &ctx) =3D=3D -1) { virReportSystemError(errno, @@ -1316,7 +1316,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mg= r, bool remember) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); - security_context_t econ =3D NULL; + char *econ =3D NULL; int refcount; int rc; bool rollback =3D false; @@ -1426,7 +1426,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon) /* Set fcon to the appropriate label for path and mode, or return -1. */ static int getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED, - const char *newpath, mode_t mode, security_context_t *fcon) + const char *newpath, mode_t mode, char **fcon) { virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); =20 @@ -1443,7 +1443,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, { bool privileged =3D virSecurityManagerGetPrivileged(mgr); struct stat buf; - security_context_t fcon =3D NULL; + char *fcon =3D NULL; char *newpath =3D NULL; int rc; int ret =3D -1; @@ -2974,7 +2974,7 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityMan= agerPtr mgr G_GNUC_UNUSED, { /* TODO: verify DOI */ virSecurityLabelDefPtr secdef; - security_context_t scon =3D NULL; + char *scon =3D NULL; char *str =3D NULL; int rc =3D -1; =20 
@@ -3283,7 +3283,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr= mgr, int fd) { struct stat buf; - security_context_t fcon =3D NULL; + char *fcon =3D NULL; virSecurityLabelDefPtr secdef; char *str =3D NULL, *proc =3D NULL, *fd_path =3D NULL; int rc =3D -1; diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 8d92232a87..ee048f02fe 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -1814,7 +1814,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSour= cePtr target, struct stat *sb) { #if WITH_SELINUX - security_context_t filecon =3D NULL; + char *filecon =3D NULL; #endif =20 if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 8cc2db2568..2cb9042a84 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -157,7 +157,7 @@ virIdentityPtr virIdentityGetSystem(void) unsigned long long startTime; g_autoptr(virIdentity) ret =3D NULL; #if WITH_SELINUX - security_context_t con; + char *con; #endif =20 if (!(ret =3D virIdentityNew())) diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c index c3d7f8c1ce..64d2b75740 100644 --- a/tests/securityselinuxhelper.c +++ b/tests/securityselinuxhelper.c @@ -55,7 +55,7 @@ static struct selabel_handle *(*real_selabel_open)(unsign= ed int backend, unsigned nopts); static void (*real_selabel_close)(struct selabel_handle *handle); static int (*real_selabel_lookup_raw)(struct selabel_handle *handle, - security_context_t *con, + char **con, const char *key, int type); =20 @@ -89,7 +89,7 @@ static void init_syms(void) * the virt_use_nfs bool is set. */ =20 -int getcon_raw(security_context_t *context) +int getcon_raw(char **context) { if (!is_selinux_enabled()) { errno =3D EINVAL; 
@@ -104,12 +104,12 @@ int getcon_raw(security_context_t *context) return 0; } =20 -int getcon(security_context_t *context) +int getcon(char **context) { return getcon_raw(context); } =20 -int getpidcon_raw(pid_t pid, security_context_t *context) +int getpidcon_raw(pid_t pid, char **context) { if (!is_selinux_enabled()) { errno =3D EINVAL; @@ -129,7 +129,7 @@ int getpidcon_raw(pid_t pid, security_context_t *contex= t) return 0; } =20 -int getpidcon(pid_t pid, security_context_t *context) +int getpidcon(pid_t pid, char **context) { return getpidcon_raw(pid, context); } @@ -165,7 +165,7 @@ int setfilecon(const char *path, const char *con) return setfilecon_raw(path, con); } =20 -int getfilecon_raw(const char *path, security_context_t *con) +int getfilecon_raw(const char *path, char **con) { char *constr =3D NULL; ssize_t len =3D getxattr(path, "user.libvirt.selinux", @@ -189,7 +189,7 @@ int getfilecon_raw(const char *path, security_context_t= *con) } =20 =20 -int getfilecon(const char *path, security_context_t *con) +int getfilecon(const char *path, char **con) { return getfilecon_raw(path, con); } @@ -308,7 +308,7 @@ void selabel_close(struct selabel_handle *handle) } =20 int selabel_lookup_raw(struct selabel_handle *handle, - security_context_t *con, + char **con, const char *key, int type) { diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt= est.c index 3040a36693..50b447c163 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -252,7 +252,7 @@ static int testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles) { size_t i; - security_context_t ctx; + char *ctx; =20 for (i =3D 0; i < nfiles; i++) { ctx =3D NULL; 
@@ -360,7 +360,7 @@ mymain(void) if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \ ret =3D -1; =20 - setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023"); + setcon("system_r:system_u:libvirtd_t:s0:c0.c1023"); =20 DO_TEST_LABELING("disks"); DO_TEST_LABELING("kernel"); diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c index 6c8314de6b..3f069c2d6b 100644 --- a/tests/securityselinuxtest.c +++ b/tests/securityselinuxtest.c @@ -217,7 +217,7 @@ testSELinuxGenLabel(const void *opaque) context_t con =3D NULL; context_t imgcon =3D NULL; =20 - if (setcon_raw((security_context_t)data->pidcon) < 0) { + if (setcon_raw(data->pidcon) < 0) { perror("Cannot set process security context"); return -1; } diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index 3f87af1c3b..9a8c8914d3 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -120,7 +120,7 @@ static int testIdentityGetSystem(const void *data) static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED) { #if WITH_SELINUX - return setcon_raw((security_context_t)data); + return setcon_raw(data); #else VIR_DEBUG("libvirt not compiled with SELinux, skipping this test"); return EXIT_AM_SKIP; --=20 2.26.2
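
Review bot: in src/security/security_selinux.c, virSecuritySELinuxRememberLabel(), the change from 'const security_context_t con' to 'const char *con' is not a like-for-like substitution. Because security_context_t is a typedef for 'char *', the old declaration meant 'char *const con' (a constant pointer to writable characters), while the new one is a pointer to constant characters. The new form is the one that expresses a read-only label, but the commit message describes a plain alias replacement, so a sentence calling out this one constness change would help anyone who later chases a qualifier warning back to this commit.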
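
Review bot: in src/security/security_selinux.c, virSecuritySELinuxSetTapFDLabel() now declares 'char *fcon = NULL;' directly above 'char *str = NULL, *proc = NULL, *fd_path = NULL;', and virSecuritySELinuxSetDaemonSocketLabel() and virSecuritySELinuxGenNewContext() end up with the same mix of 'scon'/'ourSecContext' next to 'str'. The old typedef was the only marker in the declaration that these strings are allocated by libselinux and are released with freecon() rather than with libvirt's own free helpers. The cleanup paths are outside the context shown here, so please confirm they still call freecon() on these variables, and consider a short comment on the declarations so that a later conversion to g_autofree or VIR_FREE() does not sweep them up with their neighbours.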
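
Review bot: in tests/securityselinuxlabeltest.c, 'setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");' now passes a string literal with no cast, and tests/viridentitytest.c passes the 'const void *data' argument straight to setcon_raw(). Both compile without a discarded-qualifier warning only when setcon() and setcon_raw() are declared to take 'const char *', which ties the build to a libselinux that already contains the change referenced as [1]. Please state the minimum libselinux version this relies on in the commit message, or say that the existing build requirement already covers it, so the removal of the casts is not mistaken for something that works against any libselinux.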