From 5f92046b77845a4275a0cca0cdf61fbb4f98871d Mon Sep 17 00:00:00 2001 From: Pavel Hrdina Date: Wed, 9 Oct 2019 16:43:53 +0200 Subject: [PATCH] m4: virt-selinux: remove obsolete checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All OSes that we support have libselinux >= 2.5 except for Ubuntu 16.04 where the version is 2.4. Signed-off-by: Pavel Hrdina Reviewed-by: Ján Tomko --- m4/virt-selinux.m4 | 20 ++------------------ src/qemu/qemu_domain.c | 4 ++-- src/security/security_selinux.c | 22 ++-------------------- tests/securityselinuxhelper.c | 19 +++++-------------- 4 files changed, 11 insertions(+), 54 deletions(-) diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4 index fe274fafe9..64e6980844 100644 --- a/m4/virt-selinux.m4 +++ b/m4/virt-selinux.m4 @@ -27,20 +27,8 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ [fgetfilecon_raw], [selinux/selinux.h]) if test "$with_selinux" = "yes"; then - # libselinux changed signatures between 2.2 and 2.3 - AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_const], - [AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -#include -int setcon(char *context); - ]])], - [lv_cv_setcon_const=''], - [lv_cv_setcon_const='const'])]) - AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const], - [Define to empty or 'const' depending on how SELinux qualifies its - security context parameters]) - # ...and again for 2.5 + # libselinux changed signatures for 2.5 + # TODO: Drop once we don't support Ubuntu 16.04 AC_CACHE_CHECK([for selinux selabel_open parameter type], [lv_cv_selabel_open_const], [AC_COMPILE_IFELSE( 
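Review bot: With the setcon probe removed in this hunk and `AC_CHECK_HEADERS([selinux/label.h])` removed in the next one, configure no longer verifies anything the code now assumes about libselinux beyond the `fgetfilecon_raw` lookup visible at the top of the hunk. The C sources in this commit use `selabel_open()` unconditionally, and tests/securityselinuxhelper.c hard-codes `const char *` for setcon/setfilecon. A libselinux older than the floor named in the commit message would therefore fail partway through compilation rather than at configure time. A hard check inside the `with_selinux = yes` branch, for example `AC_CHECK_HEADER([selinux/label.h], [], [AC_MSG_ERROR([libselinux with selinux/label.h is required])])`, would make the minimum explicit. The macro body continues outside the hunk.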
@@ -68,10 +56,6 @@ struct selabel_handle *selabel_open(unsigned, struct selinux_opt *, unsigned); fi AC_MSG_RESULT([$SELINUX_MOUNT]) AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point]) - - dnl We prefer to use and selabel_open, but can fall - dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. - AC_CHECK_HEADERS([selinux/label.h]) fi ]) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 3e8da13794..1396b28a24 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -13276,7 +13276,7 @@ qemuDomainCreateDeviceRecursive(const char *device, } if (tcon && - lsetfilecon_raw(devicePath, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) { + lsetfilecon_raw(devicePath, (const char *)tcon) < 0) { VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR if (errno != EOPNOTSUPP && errno != ENOTSUP) { VIR_WARNINGS_RESET @@ -14074,7 +14074,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED, # ifdef WITH_SELINUX if (data->tcon && - lsetfilecon_raw(data->file, (VIR_SELINUX_CTX_CONST char *)data->tcon) < 0) { + lsetfilecon_raw(data->file, (const char *)data->tcon) < 0) { VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR if (errno != EOPNOTSUPP && errno != ENOTSUP) { VIR_WARNINGS_RESET diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index d80ec01c5d..33cf788e80 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -23,9 +23,7 @@ #include #include #include -#if HAVE_SELINUX_LABEL_H -# include -#endif +#include #include "security_driver.h" #include "security_selinux.h" @@ -62,9 +60,7 @@ struct _virSecuritySELinuxData { char *content_context; virHashTablePtr mcs; bool skipAllLabel; -#if HAVE_SELINUX_LABEL_H struct selabel_handle *label_handle; -#endif }; /* Data structure to pass to various callbacks so we have everything we need */ 
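Review bot: The `(const char *)` cast kept on the `lsetfilecon_raw(devicePath, ...)` call in qemuDomainCreateDeviceRecursive looks redundant now that the macro is gone, and an explicit cast would silence the compiler if `tcon` ever stopped being a character pointer. The declaration of `tcon` is outside the hunk, so this assumes it is a `char *` or `security_context_t`; if so, the condition can read `lsetfilecon_raw(devicePath, tcon) < 0`. The same applies to `data->tcon` in qemuDomainAttachDeviceMknodHelper and to the `setfilecon_raw(path, ...)` call in virSecuritySELinuxSetFileconImpl in src/security/security_selinux.c.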
@@ -640,14 +636,12 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr) data->skipAllLabel = true; -# if HAVE_SELINUX_LABEL_H data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); if (!data->label_handle) { virReportSystemError(errno, "%s", _("cannot open SELinux label_handle")); return -1; } -# endif if (!(selinux_conf = virConfReadFile(selinux_lxc_contexts_path(), 0))) goto error; @@ -688,10 +682,8 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr) return 0; error: -# if HAVE_SELINUX_LABEL_H selabel_close(data->label_handle); data->label_handle = NULL; -# endif VIR_FREE(data->domain_context); VIR_FREE(data->file_context); VIR_FREE(data->content_context); @@ -717,14 +709,12 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr) data->skipAllLabel = false; -#if HAVE_SELINUX_LABEL_H data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); if (!data->label_handle) { virReportSystemError(errno, "%s", _("cannot open SELinux label_handle")); return -1; } -#endif if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) { virReportSystemError(errno, @@ -773,10 +763,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr) return 0; error: -#if HAVE_SELINUX_LABEL_H selabel_close(data->label_handle); data->label_handle = NULL; -#endif VIR_FREE(data->domain_context); VIR_FREE(data->alt_domain_context); VIR_FREE(data->file_context); @@ -1046,10 +1034,8 @@ virSecuritySELinuxDriverClose(virSecurityManagerPtr mgr) if (!data) return 0; -#if HAVE_SELINUX_LABEL_H if (data->label_handle) selabel_close(data->label_handle); -#endif virHashFree(data->mcs); @@ -1272,7 +1258,7 @@ virSecuritySELinuxSetFileconImpl(const char *path, VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); - if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) { + if (setfilecon_raw(path, (const char *)tcon) < 0) { int setfilecon_errno = errno; if (getfilecon_raw(path, &econ) >= 0) { 
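Review bot: virSecuritySELinuxDriverClose closes `data->label_handle` but leaves the pointer set, while both initializer error paths in this file follow `selabel_close()` with `data->label_handle = NULL;`. The handle is now always compiled in, and getContext passes it to `selabel_lookup_raw()` unchecked, so a stale pointer would be a use-after-free if anything reached the label lookup after close; whether that can happen is not visible from these hunks. Resetting it inside the guarded close with `data->label_handle = NULL;` (which means bracing the `if`) keeps the three sites consistent. The function body continues outside the hunk.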
@@ -1458,13 +1444,9 @@ static int getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED, const char *newpath, mode_t mode, security_context_t *fcon) { -#if HAVE_SELINUX_LABEL_H virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); return selabel_lookup_raw(data->label_handle, fcon, newpath, mode); -#else - return matchpathcon(newpath, mode, fcon); -#endif } diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c index 814250b731..8b90ddada9 100644 --- a/tests/securityselinuxhelper.c +++ b/tests/securityselinuxhelper.c @@ -27,9 +27,7 @@ # include #endif #include -#if HAVE_SELINUX_LABEL_H -# include -#endif +#include #include #include #include @@ -54,7 +52,6 @@ static const char *(*real_selinux_virtual_image_context_path)(void); static const char *(*real_selinux_lxc_contexts_path)(void); #endif -#if HAVE_SELINUX_LABEL_H static struct selabel_handle *(*real_selabel_open)(unsigned int backend, VIR_SELINUX_OPEN_CONST struct selinux_opt *opts, @@ -64,7 +61,6 @@ static int (*real_selabel_lookup_raw)(struct selabel_handle *handle, security_context_t *con, const char *key, int type); -#endif static void init_syms(void) { @@ -82,11 +78,9 @@ static void init_syms(void) VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path); #endif -#if HAVE_SELINUX_LABEL_H VIR_MOCK_REAL_INIT(selabel_open); VIR_MOCK_REAL_INIT(selabel_close); VIR_MOCK_REAL_INIT(selabel_lookup_raw); -#endif } @@ -145,7 +139,7 @@ int getpidcon(pid_t pid, security_context_t *context) return getpidcon_raw(pid, context); } -int setcon_raw(VIR_SELINUX_CTX_CONST char *context) +int setcon_raw(const char *context) { if (!is_selinux_enabled()) { errno = EINVAL; 
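Review bot: `mgr` is still annotated `G_GNUC_UNUSED` in getContext's signature, but with the matchpathcon fallback removed the parameter is always passed to `virSecurityManagerGetPrivateData(mgr)`. The stale attribute misleads readers and should be dropped, leaving `getContext(virSecurityManagerPtr mgr,`. The function also dereferences `data->label_handle` without a check. A one-line comment saying the handle is expected to have been opened by the driver's initializer would document that assumption.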
@@ -154,13 +148,13 @@ int setcon_raw(VIR_SELINUX_CTX_CONST char *context) return setenv("FAKE_SELINUX_CONTEXT", context, 1); } -int setcon(VIR_SELINUX_CTX_CONST char *context) +int setcon(const char *context) { return setcon_raw(context); } -int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con) +int setfilecon_raw(const char *path, const char *con) { const char *constr = con; if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) { @@ -171,7 +165,7 @@ int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con) constr, strlen(constr), 0); } -int setfilecon(const char *path, VIR_SELINUX_CTX_CONST char *con) +int setfilecon(const char *path, const char *con) { return setfilecon_raw(path, con); } @@ -292,7 +286,6 @@ const char *selinux_lxc_contexts_path(void) } #endif -#if HAVE_SELINUX_LABEL_H struct selabel_handle * selabel_open(unsigned int backend, VIR_SELINUX_OPEN_CONST struct selinux_opt *opts, @@ -335,5 +328,3 @@ int selabel_lookup_raw(struct selabel_handle *handle, errno = ENOENT; return -1; } - -#endif