From: Karel Zak Date: Wed, 13 Jan 2021 12:12:19 +0000 (+0100) Subject: build-sys: remove fallback for security_context_t X-Git-Tag: v2.37-rc1~185 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca27216aa69d641391429d4abf0066f4ec305471;p=thirdparty%2Futil-linux.git build-sys: remove fallback for security_context_t It seems like overkill to provide this #ifdef. For example coreutils use "char *" for all selinux contexts (since 2014). Signed-off-by: Karel Zak --- diff --git a/configure.ac b/configure.ac index d56598a6d2..20b6c31789 100644 --- a/configure.ac +++ b/configure.ac @@ -833,15 +833,7 @@ AC_ARG_WITH([selinux], AS_IF([test "x$with_selinux" = xno], [ AM_CONDITIONAL([HAVE_SELINUX], [false]) ], [ - PKG_CHECK_MODULES([SELINUX], [libselinux >= 3.1], [have_selinux=yes], [have_selinux=no]) - AS_IF([test "x$have_selinux" = xno], [ - PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.0], - [have_selinux=yes - AC_DEFINE([HAVE_SELINUX_CONTEXT_T], [1], [Do we need deprecated selinux_context_t?]) - ], - [have_selinux=no]) - ]) - + PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.5], [have_selinux=yes], [have_selinux=no]) AS_CASE([$with_selinux:$have_selinux], [yes:no], [AC_MSG_ERROR([SELinux selected but libselinux not found or too old])] ) diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c index 87718331bc..2391b3e508 100644 --- a/disk-utils/mkswap.c +++ b/disk-utils/mkswap.c @@ -628,11 +628,7 @@ int main(int argc, char **argv) #ifdef HAVE_LIBSELINUX if (S_ISREG(ctl.devstat.st_mode) && is_selinux_enabled() > 0) { -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t context_string, oldcontext; /* deprecated */ -# else - char *context_string, *oldcontext; /* since libselinux >= 3.1 */ -# endif + char *context_string, *oldcontext; context_t newcontext; if (fgetfilecon(ctl.fd, &oldcontext) < 0) { diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c index be0c3ee8a2..921b9318e7 100644 --- a/libmount/src/optstr.c +++ b/libmount/src/optstr.c @@ -871,13 +871,7 @@ int mnt_optstr_fix_secontext(char **optstr, char **next) { int rc = 0; -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t raw = NULL; /* deprecated */ -# else - char *raw = NULL; /* since libselinux >= 3.1 */ -# endif - - char *p, *val, *begin, *end; + char *p, *val, *begin, *end, *raw = NULL; size_t sz; if (!optstr || !*optstr || !value || !valsz) @@ -902,11 +896,7 @@ int mnt_optstr_fix_secontext(char **optstr, /* translate the context */ - rc = selinux_trans_to_raw_context( -# ifdef HAVE_SELINUX_CONTEXT_T - (security_context_t) -# endif - p, &raw); + rc = selinux_trans_to_raw_context(p, &raw); DBG(CXT, ul_debug("SELinux context '%s' translated to '%s'", p, rc == -1 ? "FAILED" : (char *) raw)); diff --git a/login-utils/chfn.c b/login-utils/chfn.c index 643e6ad369..be122c78d8 100644 --- a/login-utils/chfn.c +++ b/login-utils/chfn.c @@ -442,11 +442,8 @@ int main(int argc, char **argv) access_vector_t av = get_access_vector("passwd", "chfn"); if (selinux_check_passwd_access(av) != 0) { -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t user_context; /* deprecated */ -# else - char *user_context; /* since libselinux >= 3.1 */ -# endif + char *user_context; + if (getprevcon(&user_context) < 0) user_context = NULL; diff --git a/login-utils/chsh.c b/login-utils/chsh.c index 5631c7dc3a..05e475403c 100644 --- a/login-utils/chsh.c +++ b/login-utils/chsh.c @@ -291,11 +291,8 @@ int main(int argc, char **argv) access_vector_t av = get_access_vector("passwd", "chsh"); if (selinux_check_passwd_access(av) != 0) { -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t user_context; /* deprecated */ -# else - char *user_context; /* since libselinux >= 3.1 */ -# endif + char *user_context; + if (getprevcon(&user_context) < 0) user_context = NULL; diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c index 58cb431bb2..5f950758b6 100644 --- a/login-utils/lslogins.c +++ b/login-utils/lslogins.c @@ -132,11 +132,7 @@ struct lslogins_user { char *failed_tty; #ifdef HAVE_LIBSELINUX -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t context; -# else char *context; -# endif #endif char *homedir; char *shell; diff --git a/login-utils/selinux_utils.c b/login-utils/selinux_utils.c index c40e610be5..a898b537d2 100644 --- a/login-utils/selinux_utils.c +++ b/login-utils/selinux_utils.c @@ -16,11 +16,8 @@ access_vector_t get_access_vector(const char *tclass, const char *op) int setupDefaultContext(char *orig_file) { if (is_selinux_enabled() > 0) { -#ifdef HAVE_SELINUX_CONTEXT_T - security_context_t scontext = NULL; /* deprecated */ -#else - char *scontext = NULL; /* since libselinux >= 3.1 */ -#endif + char *scontext = NULL; + if (getfilecon(orig_file, &scontext) < 0) return 1; if (setfscreatecon(scontext) < 0) { diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c index 40690076fe..6ed63f1a07 100644 --- a/login-utils/sulogin.c +++ b/login-utils/sulogin.c @@ -775,13 +775,9 @@ static void sushell(struct passwd *pwd) #ifdef HAVE_LIBSELINUX if (is_selinux_enabled() > 0) { -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t scon = NULL; /* deprecated */ -# else - char *scon = NULL; /* since libselinux >= 3.1 */ -# endif - char *seuser=NULL; - char *level=NULL; + char *scon = NULL; + char *seuser = NULL; + char *level = NULL; if (getseuserbyname("root", &seuser, &level) == 0) { if (get_default_context_with_level(seuser, level, 0, &scon) == 0) { diff --git a/login-utils/vipw.c b/login-utils/vipw.c index eef2c5e453..f178c8f2a2 100644 --- a/login-utils/vipw.c +++ b/login-utils/vipw.c @@ -150,12 +150,9 @@ static void pw_write(void) #ifdef HAVE_LIBSELINUX if (is_selinux_enabled() > 0) { -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t passwd_context = NULL; /* deprecated */ -# else - char *passwd_context = NULL; /* since libselinux >= 3.1 */ -# endif + char *passwd_context = NULL; int ret = 0; + if (getfilecon(orig_file, &passwd_context) < 0) { warnx(_("Can't get context for %s"), orig_file); pw_error(orig_file, 1, 1); diff --git a/sys-utils/mount.c b/sys-utils/mount.c index 765e1170ec..2900717a9c 100644 --- a/sys-utils/mount.c +++ b/sys-utils/mount.c @@ -319,11 +319,7 @@ static void selinux_warning(struct libmnt_context *cxt, const char *tgt) { if (tgt && mnt_context_is_verbose(cxt) && is_selinux_enabled() > 0) { -# ifdef HAVE_SELINUX_CONTEXT_T - security_context_t raw = NULL, def = NULL; /* deprecated */ -# else - char *raw = NULL, *def = NULL; /* since libselinux >= 3.1 */ -# endif + char *raw = NULL, *def = NULL; if (getfilecon(tgt, &raw) > 0 && security_get_initial_context("file", &def) == 0) {