Historically, we've used security_context_t for variables passed
to libselinux APIs. But almost 7 years ago, libselinux developers
admitted in their API that in fact, it's just a 'char *' type
[1]. Ever since then the APIs accept 'char *' instead, but they
kept the old alias just for API stability. Well, not anymore [2].
1: https://github.com/SELinuxProject/selinux/commit/
9eb9c9327563014ad6a807814e7975424642d5b9
2: https://github.com/SELinuxProject/selinux/commit/
7a124ca2758136f49cc38efc26fb1a2d385ecfd9
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
if (STREQ(model->model, "selinux")) {
#ifdef WITH_SELINUX
if (oldlabel) {
- security_context_t ctx;
+ char *ctx;
if (getcon(&ctx) < 0) {
virReportSystemError(errno,
int virNetSocketGetSELinuxContext(virNetSocketPtr sock,
char **context)
{
- security_context_t seccon = NULL;
+ char *seccon = NULL;
int ret = -1;
*context = NULL;
static int
virSecuritySELinuxRememberLabel(const char *path,
- const security_context_t con)
+ const char *con)
{
return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME,
path, con);
static int
virSecuritySELinuxRecallLabel(const char *path,
- security_context_t *con)
+ char **con)
{
int rv;
int *catMin,
int *catMax)
{
- security_context_t ourSecContext = NULL;
+ char *ourSecContext = NULL;
context_t ourContext = NULL;
char *cat = NULL;
char *tmp;
}
static char *
-virSecuritySELinuxContextAddRange(security_context_t src,
- security_context_t dst)
+virSecuritySELinuxContextAddRange(char *src,
+ char *dst)
{
char *str = NULL;
char *ret = NULL;
context_t context = NULL;
char *ret = NULL;
char *str;
- security_context_t ourSecContext = NULL;
+ char *ourSecContext = NULL;
context_t ourContext = NULL;
VIR_DEBUG("basecontext=%s mcs=%s isObjectContext=%d",
virDomainDefPtr def,
pid_t pid)
{
- security_context_t pctx;
+ char *pctx;
context_t ctx = NULL;
const char *mcs;
int rv;
pid_t pid,
virSecurityLabelPtr sec)
{
- security_context_t ctx;
+ char *ctx;
if (getpidcon_raw(pid, &ctx) == -1) {
virReportSystemError(errno,
bool remember)
{
bool privileged = virSecurityManagerGetPrivileged(mgr);
- security_context_t econ = NULL;
+ char *econ = NULL;
int refcount;
int rc;
bool rollback = false;
/* Set fcon to the appropriate label for path and mode, or return -1. */
static int
getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
- const char *newpath, mode_t mode, security_context_t *fcon)
+ const char *newpath, mode_t mode, char **fcon)
{
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
{
bool privileged = virSecurityManagerGetPrivileged(mgr);
struct stat buf;
- security_context_t fcon = NULL;
+ char *fcon = NULL;
char *newpath = NULL;
int rc;
int ret = -1;
{
/* TODO: verify DOI */
virSecurityLabelDefPtr secdef;
- security_context_t scon = NULL;
+ char *scon = NULL;
char *str = NULL;
int rc = -1;
int fd)
{
struct stat buf;
- security_context_t fcon = NULL;
+ char *fcon = NULL;
virSecurityLabelDefPtr secdef;
char *str = NULL, *proc = NULL, *fd_path = NULL;
int rc = -1;
struct stat *sb)
{
#if WITH_SELINUX
- security_context_t filecon = NULL;
+ char *filecon = NULL;
#endif
if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0)
unsigned long long startTime;
g_autoptr(virIdentity) ret = NULL;
#if WITH_SELINUX
- security_context_t con;
+ char *con;
#endif
if (!(ret = virIdentityNew()))
unsigned nopts);
static void (*real_selabel_close)(struct selabel_handle *handle);
static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
- security_context_t *con,
+ char **con,
const char *key,
int type);
* the virt_use_nfs bool is set.
*/
-int getcon_raw(security_context_t *context)
+int getcon_raw(char **context)
{
if (!is_selinux_enabled()) {
errno = EINVAL;
return 0;
}
-int getcon(security_context_t *context)
+int getcon(char **context)
{
return getcon_raw(context);
}
-int getpidcon_raw(pid_t pid, security_context_t *context)
+int getpidcon_raw(pid_t pid, char **context)
{
if (!is_selinux_enabled()) {
errno = EINVAL;
return 0;
}
-int getpidcon(pid_t pid, security_context_t *context)
+int getpidcon(pid_t pid, char **context)
{
return getpidcon_raw(pid, context);
}
return setfilecon_raw(path, con);
}
-int getfilecon_raw(const char *path, security_context_t *con)
+int getfilecon_raw(const char *path, char **con)
{
char *constr = NULL;
ssize_t len = getxattr(path, "user.libvirt.selinux",
}
-int getfilecon(const char *path, security_context_t *con)
+int getfilecon(const char *path, char **con)
{
return getfilecon_raw(path, con);
}
}
int selabel_lookup_raw(struct selabel_handle *handle,
- security_context_t *con,
+ char **con,
const char *key,
int type)
{
testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles)
{
size_t i;
- security_context_t ctx;
+ char *ctx;
for (i = 0; i < nfiles; i++) {
ctx = NULL;
if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
ret = -1;
- setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
+ setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
DO_TEST_LABELING("kernel");
context_t con = NULL;
context_t imgcon = NULL;
- if (setcon_raw((security_context_t)data->pidcon) < 0) {
+ if (setcon_raw(data->pidcon) < 0) {
perror("Cannot set process security context");
return -1;
}
static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
{
#if WITH_SELINUX
- return setcon_raw((security_context_t)data);
+ return setcon_raw(data);
#else
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
return EXIT_AM_SKIP;
projects / thirdparty / libvirt.git / commitdiff
