105 lines
3.0 KiB
Diff
105 lines
3.0 KiB
Diff
From 04726be814c6fd6d9cf974e15d684dd3ac1a180e Mon Sep 17 00:00:00 2001
|
|
From: Arjun Shankar <arjun@redhat.com>
|
|
Date: Thu, 23 Jul 2020 12:20:38 +0200
|
|
Subject: [PATCH] Disable warnings due to deprecated libselinux symbols used by
|
|
nss and nscd
|
|
|
|
The SELinux API deprecated several symbols in its 3.1 release, including
|
|
security_context_t, matchpathcon, avc_init, and sidput, which are used in
|
|
makedb and nscd. While the usage of these should eventually be replaced by
|
|
newer interfaces, this commit disables GCC warnings due to the use of the
|
|
above symbols.
|
|
|
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
Tested-by: Carlos O'Donell <carlos@redhat.com>
|
|
---
|
|
nscd/selinux.c | 15 +++++++++++++++
|
|
nss/makedb.c | 9 +++++++++
|
|
2 files changed, 24 insertions(+)
|
|
|
|
diff --git a/nscd/selinux.c b/nscd/selinux.c
|
|
index a4ea8008e2..1ebf924826 100644
|
|
--- a/nscd/selinux.c
|
|
+++ b/nscd/selinux.c
|
|
@@ -33,6 +33,7 @@
|
|
#ifdef HAVE_LIBAUDIT
|
|
# include <libaudit.h>
|
|
#endif
|
|
+#include <libc-diag.h>
|
|
|
|
#include "dbg_log.h"
|
|
#include "selinux.h"
|
|
@@ -320,6 +321,12 @@ avc_free_lock (void *lock)
|
|
}
|
|
|
|
|
|
+/* avc_init (along with several other symbols) was marked as deprecated by the
|
|
+ SELinux API starting from version 3.1. We use it here, but should
|
|
+ eventually switch to the newer API. */
|
|
+DIAG_PUSH_NEEDS_COMMENT
|
|
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
|
|
+
|
|
/* Initialize the user space access vector cache (AVC) for NSCD along with
|
|
log/thread/lock callbacks. */
|
|
void
|
|
@@ -335,7 +342,14 @@ nscd_avc_init (void)
|
|
audit_init ();
|
|
#endif
|
|
}
|
|
+DIAG_POP_NEEDS_COMMENT
|
|
+
|
|
|
|
+/* security_context_t and sidput (along with several other symbols) were marked
|
|
+ as deprecated by the SELinux API starting from version 3.1. We use them
|
|
+ here, but should eventually switch to the newer API. */
|
|
+DIAG_PUSH_NEEDS_COMMENT
|
|
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
|
|
|
|
/* Check the permission from the caller (via getpeercon) to nscd.
|
|
Returns 0 if access is allowed, 1 if denied, and -1 on error.
|
|
@@ -422,6 +436,7 @@ out:
|
|
|
|
return rc;
|
|
}
|
|
+DIAG_POP_NEEDS_COMMENT
|
|
|
|
|
|
/* Wrapper to get AVC statistics. */
|
|
diff --git a/nss/makedb.c b/nss/makedb.c
|
|
index 8e389a1683..8e1e8ec9ad 100644
|
|
--- a/nss/makedb.c
|
|
+++ b/nss/makedb.c
|
|
@@ -38,6 +38,7 @@
|
|
#include <sys/stat.h>
|
|
#include <sys/uio.h>
|
|
#include "nss_db/nss_db.h"
|
|
+#include <libc-diag.h>
|
|
|
|
/* Get libc version number. */
|
|
#include "../version.h"
|
|
@@ -841,6 +842,13 @@ print_database (int fd)
|
|
|
|
|
|
#ifdef HAVE_SELINUX
|
|
+
|
|
+/* security_context_t and matchpathcon (along with several other symbols) were
|
|
+ marked as deprecated by the SELinux API starting from version 3.1. We use
|
|
+ them here, but should eventually switch to the newer API. */
|
|
+DIAG_PUSH_NEEDS_COMMENT
|
|
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
|
|
+
|
|
static void
|
|
set_file_creation_context (const char *outname, mode_t mode)
|
|
{
|
|
@@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode)
|
|
freecon (ctx);
|
|
}
|
|
}
|
|
+DIAG_POP_NEEDS_COMMENT
|
|
|
|
static void
|
|
reset_file_creation_context (void)
|
|
--
|
|
2.23.0
|
|
|