login-utils: don't use deprecated security_context_t

libselinux >= 3.1 makes security_context_t type deprecated. Let's
ifdef it to avoid unwanted warnings.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/login-utils/chfn.c b/login-utils/chfn.c
index 4b2b42912bcfef0e9f5e394112f176e638ad7673..643e6ad3693c18cf0f1c25ab777a55858f601479 100644 (file)
--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
@@ -442,9 +442,14 @@ int main(int argc, char **argv)
                        access_vector_t av = get_access_vector("passwd", "chfn");
 
                        if (selinux_check_passwd_access(av) != 0) {
-                               security_context_t user_context;
+# ifdef HAVE_SELINUX_CONTEXT_T
+                               security_context_t user_context;        /* deprecated */
+# else
+                               char *user_context;                     /* since libselinux >= 3.1 */
+# endif
                                if (getprevcon(&user_context) < 0)
                                        user_context = NULL;
+
                                errx(EXIT_FAILURE,
                                     _("%s is not authorized to change "
                                       "the finger info of %s"),

diff --git a/login-utils/chsh.c b/login-utils/chsh.c
index 17cc9f1e085cdc2c3594b1fdd920e8bc9cd99c8b..5631c7dc3a0a32b66b6e5cb1ffb7b8f40f2dd90e 100644 (file)
--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
@@ -291,10 +291,13 @@ int main(int argc, char **argv)
                        access_vector_t av = get_access_vector("passwd", "chsh");
 
                        if (selinux_check_passwd_access(av) != 0) {
-                               security_context_t user_context;
+# ifdef HAVE_SELINUX_CONTEXT_T
+                               security_context_t user_context;        /* deprecated */
+# else
+                               char *user_context;                     /* since libselinux >= 3.1 */
+# endif
                                if (getprevcon(&user_context) < 0)
-                                       user_context =
-                                           (security_context_t) NULL;
+                                       user_context = NULL;
 
                                errx(EXIT_FAILURE,
                                     _("%s is not authorized to change the shell of %s"),

diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
index 773d13a953a3310bd12a1a017757b8b09261b9f7..58cb431bb27c13eb1e70ff04f1f2d49f15cf553a 100644 (file)
--- a/login-utils/lslogins.c
+++ b/login-utils/lslogins.c
@@ -132,7 +132,11 @@ struct lslogins_user {
        char *failed_tty;
 
 #ifdef HAVE_LIBSELINUX
+# ifdef HAVE_SELINUX_CONTEXT_T
        security_context_t context;
+# else
+       char *context;
+# endif
 #endif
        char *homedir;
        char *shell;
@@ -884,12 +888,8 @@ static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const c
                        break;
                case COL_SELINUX:
 #ifdef HAVE_LIBSELINUX
-                       if (ctl->selinux_enabled) {
-                               /* typedefs and pointers are pure evil */
-                               security_context_t con = NULL;
-                               if (getcon(&con) == 0)
-                                       user->context = con;
-                       }
+                       if (!ctl->selinux_enabled || getcon(&user->context) != 0)
+                               user->context = NULL;
 #endif
                        break;
                case COL_NPROCS:

diff --git a/login-utils/selinux_utils.c b/login-utils/selinux_utils.c
index dfd696f3e8f574bb74338cfc678ce5191b07b32c..c40e610be58a25fcfc177ccfcd812cdba245d4ad 100644 (file)
--- a/login-utils/selinux_utils.c
+++ b/login-utils/selinux_utils.c
@@ -16,7 +16,11 @@ access_vector_t get_access_vector(const char *tclass, const char *op)
 int setupDefaultContext(char *orig_file)
 {
        if (is_selinux_enabled() > 0) {
-               security_context_t scontext;
+#ifdef HAVE_SELINUX_CONTEXT_T
+               security_context_t scontext = NULL;     /* deprecated */
+#else
+               char *scontext = NULL;                  /* since libselinux >= 3.1 */
+#endif
                if (getfilecon(orig_file, &scontext) < 0)
                        return 1;
                if (setfscreatecon(scontext) < 0) {

diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c
index bac2754cadd966ce248a68d652a357091c9c08e4..08c38082056bd31445dfc82b5307ce3f03e315e1 100644 (file)
--- a/login-utils/sulogin.c
+++ b/login-utils/sulogin.c
@@ -775,9 +775,14 @@ static void sushell(struct passwd *pwd)
 
 #ifdef HAVE_LIBSELINUX
        if (is_selinux_enabled() > 0) {
-               security_context_t scon=NULL;
+# ifdef HAVE_SELINUX_CONTEXT_T
+               security_context_t scon = NULL;         /* deprecated */
+# else
+               char *scon = NULL;                      /* since libselinux >= 3.1 */
+# endif
                char *seuser=NULL;
                char *level=NULL;
+
                if (getseuserbyname("root", &seuser, &level) == 0) {
                        if (get_default_context_with_level(seuser, level, 0, &scon) == 0) {
                                if (setexeccon(scon) != 0)

diff --git a/login-utils/vipw.c b/login-utils/vipw.c
index dd84c01468f21610662ded5d0dd1e3cf8af3fd2f..eef2c5e4538e77511ef7990b1616a9f66f54a89d 100644 (file)
--- a/login-utils/vipw.c
+++ b/login-utils/vipw.c
@@ -150,7 +150,11 @@ static void pw_write(void)
 
 #ifdef HAVE_LIBSELINUX
        if (is_selinux_enabled() > 0) {
-               security_context_t passwd_context = NULL;
+# ifdef HAVE_SELINUX_CONTEXT_T
+               security_context_t passwd_context = NULL;       /* deprecated */
+# else
+               char *passwd_context = NULL;                    /* since libselinux >= 3.1 */
+# endif
                int ret = 0;
                if (getfilecon(orig_file, &passwd_context) < 0) {
                        warnx(_("Can't get context for %s"), orig_file);