mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-07 05:25:25 +00:00
m4: virt-selinux: remove obsolete checks
All OSes that we support have libselinux >= 2.5 except for Ubuntu 16.04 where the version is 2.4. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
3365cdf8a8
commit
5f92046b77
@ -27,20 +27,8 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
|
|||||||
[fgetfilecon_raw], [selinux/selinux.h])
|
[fgetfilecon_raw], [selinux/selinux.h])
|
||||||
|
|
||||||
if test "$with_selinux" = "yes"; then
|
if test "$with_selinux" = "yes"; then
|
||||||
# libselinux changed signatures between 2.2 and 2.3
|
# libselinux changed signatures for 2.5
|
||||||
AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_const],
|
# TODO: Drop once we don't support Ubuntu 16.04
|
||||||
[AC_COMPILE_IFELSE(
|
|
||||||
[AC_LANG_PROGRAM(
|
|
||||||
[[
|
|
||||||
#include <selinux/selinux.h>
|
|
||||||
int setcon(char *context);
|
|
||||||
]])],
|
|
||||||
[lv_cv_setcon_const=''],
|
|
||||||
[lv_cv_setcon_const='const'])])
|
|
||||||
AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const],
|
|
||||||
[Define to empty or 'const' depending on how SELinux qualifies its
|
|
||||||
security context parameters])
|
|
||||||
# ...and again for 2.5
|
|
||||||
AC_CACHE_CHECK([for selinux selabel_open parameter type],
|
AC_CACHE_CHECK([for selinux selabel_open parameter type],
|
||||||
[lv_cv_selabel_open_const],
|
[lv_cv_selabel_open_const],
|
||||||
[AC_COMPILE_IFELSE(
|
[AC_COMPILE_IFELSE(
|
||||||
@ -68,10 +56,6 @@ struct selabel_handle *selabel_open(unsigned, struct selinux_opt *, unsigned);
|
|||||||
fi
|
fi
|
||||||
AC_MSG_RESULT([$SELINUX_MOUNT])
|
AC_MSG_RESULT([$SELINUX_MOUNT])
|
||||||
AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
|
AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
|
||||||
|
|
||||||
dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
|
|
||||||
dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
|
|
||||||
AC_CHECK_HEADERS([selinux/label.h])
|
|
||||||
fi
|
fi
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -13276,7 +13276,7 @@ qemuDomainCreateDeviceRecursive(const char *device,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (tcon &&
|
if (tcon &&
|
||||||
lsetfilecon_raw(devicePath, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
|
lsetfilecon_raw(devicePath, (const char *)tcon) < 0) {
|
||||||
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
|
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
|
||||||
if (errno != EOPNOTSUPP && errno != ENOTSUP) {
|
if (errno != EOPNOTSUPP && errno != ENOTSUP) {
|
||||||
VIR_WARNINGS_RESET
|
VIR_WARNINGS_RESET
|
||||||
@ -14074,7 +14074,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED,
|
|||||||
|
|
||||||
# ifdef WITH_SELINUX
|
# ifdef WITH_SELINUX
|
||||||
if (data->tcon &&
|
if (data->tcon &&
|
||||||
lsetfilecon_raw(data->file, (VIR_SELINUX_CTX_CONST char *)data->tcon) < 0) {
|
lsetfilecon_raw(data->file, (const char *)data->tcon) < 0) {
|
||||||
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
|
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
|
||||||
if (errno != EOPNOTSUPP && errno != ENOTSUP) {
|
if (errno != EOPNOTSUPP && errno != ENOTSUP) {
|
||||||
VIR_WARNINGS_RESET
|
VIR_WARNINGS_RESET
|
||||||
|
@ -23,9 +23,7 @@
|
|||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#if HAVE_SELINUX_LABEL_H
|
#include <selinux/label.h>
|
||||||
# include <selinux/label.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "security_driver.h"
|
#include "security_driver.h"
|
||||||
#include "security_selinux.h"
|
#include "security_selinux.h"
|
||||||
@ -62,9 +60,7 @@ struct _virSecuritySELinuxData {
|
|||||||
char *content_context;
|
char *content_context;
|
||||||
virHashTablePtr mcs;
|
virHashTablePtr mcs;
|
||||||
bool skipAllLabel;
|
bool skipAllLabel;
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
struct selabel_handle *label_handle;
|
struct selabel_handle *label_handle;
|
||||||
#endif
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Data structure to pass to various callbacks so we have everything we need */
|
/* Data structure to pass to various callbacks so we have everything we need */
|
||||||
@ -640,14 +636,12 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
|
|||||||
|
|
||||||
data->skipAllLabel = true;
|
data->skipAllLabel = true;
|
||||||
|
|
||||||
# if HAVE_SELINUX_LABEL_H
|
|
||||||
data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
||||||
if (!data->label_handle) {
|
if (!data->label_handle) {
|
||||||
virReportSystemError(errno, "%s",
|
virReportSystemError(errno, "%s",
|
||||||
_("cannot open SELinux label_handle"));
|
_("cannot open SELinux label_handle"));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
# endif
|
|
||||||
|
|
||||||
if (!(selinux_conf = virConfReadFile(selinux_lxc_contexts_path(), 0)))
|
if (!(selinux_conf = virConfReadFile(selinux_lxc_contexts_path(), 0)))
|
||||||
goto error;
|
goto error;
|
||||||
@ -688,10 +682,8 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
# if HAVE_SELINUX_LABEL_H
|
|
||||||
selabel_close(data->label_handle);
|
selabel_close(data->label_handle);
|
||||||
data->label_handle = NULL;
|
data->label_handle = NULL;
|
||||||
# endif
|
|
||||||
VIR_FREE(data->domain_context);
|
VIR_FREE(data->domain_context);
|
||||||
VIR_FREE(data->file_context);
|
VIR_FREE(data->file_context);
|
||||||
VIR_FREE(data->content_context);
|
VIR_FREE(data->content_context);
|
||||||
@ -717,14 +709,12 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
|
|||||||
|
|
||||||
data->skipAllLabel = false;
|
data->skipAllLabel = false;
|
||||||
|
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
||||||
if (!data->label_handle) {
|
if (!data->label_handle) {
|
||||||
virReportSystemError(errno, "%s",
|
virReportSystemError(errno, "%s",
|
||||||
_("cannot open SELinux label_handle"));
|
_("cannot open SELinux label_handle"));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) {
|
if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) {
|
||||||
virReportSystemError(errno,
|
virReportSystemError(errno,
|
||||||
@ -773,10 +763,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
selabel_close(data->label_handle);
|
selabel_close(data->label_handle);
|
||||||
data->label_handle = NULL;
|
data->label_handle = NULL;
|
||||||
#endif
|
|
||||||
VIR_FREE(data->domain_context);
|
VIR_FREE(data->domain_context);
|
||||||
VIR_FREE(data->alt_domain_context);
|
VIR_FREE(data->alt_domain_context);
|
||||||
VIR_FREE(data->file_context);
|
VIR_FREE(data->file_context);
|
||||||
@ -1046,10 +1034,8 @@ virSecuritySELinuxDriverClose(virSecurityManagerPtr mgr)
|
|||||||
if (!data)
|
if (!data)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
if (data->label_handle)
|
if (data->label_handle)
|
||||||
selabel_close(data->label_handle);
|
selabel_close(data->label_handle);
|
||||||
#endif
|
|
||||||
|
|
||||||
virHashFree(data->mcs);
|
virHashFree(data->mcs);
|
||||||
|
|
||||||
@ -1272,7 +1258,7 @@ virSecuritySELinuxSetFileconImpl(const char *path,
|
|||||||
|
|
||||||
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
|
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
|
||||||
|
|
||||||
if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
|
if (setfilecon_raw(path, (const char *)tcon) < 0) {
|
||||||
int setfilecon_errno = errno;
|
int setfilecon_errno = errno;
|
||||||
|
|
||||||
if (getfilecon_raw(path, &econ) >= 0) {
|
if (getfilecon_raw(path, &econ) >= 0) {
|
||||||
@ -1458,13 +1444,9 @@ static int
|
|||||||
getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
|
getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
|
||||||
const char *newpath, mode_t mode, security_context_t *fcon)
|
const char *newpath, mode_t mode, security_context_t *fcon)
|
||||||
{
|
{
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
|
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
|
||||||
return selabel_lookup_raw(data->label_handle, fcon, newpath, mode);
|
return selabel_lookup_raw(data->label_handle, fcon, newpath, mode);
|
||||||
#else
|
|
||||||
return matchpathcon(newpath, mode, fcon);
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,9 +27,7 @@
|
|||||||
# include <linux/magic.h>
|
# include <linux/magic.h>
|
||||||
#endif
|
#endif
|
||||||
#include <selinux/selinux.h>
|
#include <selinux/selinux.h>
|
||||||
#if HAVE_SELINUX_LABEL_H
|
#include <selinux/label.h>
|
||||||
# include <selinux/label.h>
|
|
||||||
#endif
|
|
||||||
#include <sys/vfs.h>
|
#include <sys/vfs.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <sys/xattr.h>
|
#include <sys/xattr.h>
|
||||||
@ -54,7 +52,6 @@ static const char *(*real_selinux_virtual_image_context_path)(void);
|
|||||||
static const char *(*real_selinux_lxc_contexts_path)(void);
|
static const char *(*real_selinux_lxc_contexts_path)(void);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
|
static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
|
||||||
VIR_SELINUX_OPEN_CONST
|
VIR_SELINUX_OPEN_CONST
|
||||||
struct selinux_opt *opts,
|
struct selinux_opt *opts,
|
||||||
@ -64,7 +61,6 @@ static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
|
|||||||
security_context_t *con,
|
security_context_t *con,
|
||||||
const char *key,
|
const char *key,
|
||||||
int type);
|
int type);
|
||||||
#endif
|
|
||||||
|
|
||||||
static void init_syms(void)
|
static void init_syms(void)
|
||||||
{
|
{
|
||||||
@ -82,11 +78,9 @@ static void init_syms(void)
|
|||||||
VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path);
|
VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
VIR_MOCK_REAL_INIT(selabel_open);
|
VIR_MOCK_REAL_INIT(selabel_open);
|
||||||
VIR_MOCK_REAL_INIT(selabel_close);
|
VIR_MOCK_REAL_INIT(selabel_close);
|
||||||
VIR_MOCK_REAL_INIT(selabel_lookup_raw);
|
VIR_MOCK_REAL_INIT(selabel_lookup_raw);
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -145,7 +139,7 @@ int getpidcon(pid_t pid, security_context_t *context)
|
|||||||
return getpidcon_raw(pid, context);
|
return getpidcon_raw(pid, context);
|
||||||
}
|
}
|
||||||
|
|
||||||
int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
|
int setcon_raw(const char *context)
|
||||||
{
|
{
|
||||||
if (!is_selinux_enabled()) {
|
if (!is_selinux_enabled()) {
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
@ -154,13 +148,13 @@ int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
|
|||||||
return setenv("FAKE_SELINUX_CONTEXT", context, 1);
|
return setenv("FAKE_SELINUX_CONTEXT", context, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int setcon(VIR_SELINUX_CTX_CONST char *context)
|
int setcon(const char *context)
|
||||||
{
|
{
|
||||||
return setcon_raw(context);
|
return setcon_raw(context);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con)
|
int setfilecon_raw(const char *path, const char *con)
|
||||||
{
|
{
|
||||||
const char *constr = con;
|
const char *constr = con;
|
||||||
if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
|
if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
|
||||||
@ -171,7 +165,7 @@ int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con)
|
|||||||
constr, strlen(constr), 0);
|
constr, strlen(constr), 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int setfilecon(const char *path, VIR_SELINUX_CTX_CONST char *con)
|
int setfilecon(const char *path, const char *con)
|
||||||
{
|
{
|
||||||
return setfilecon_raw(path, con);
|
return setfilecon_raw(path, con);
|
||||||
}
|
}
|
||||||
@ -292,7 +286,6 @@ const char *selinux_lxc_contexts_path(void)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if HAVE_SELINUX_LABEL_H
|
|
||||||
struct selabel_handle *
|
struct selabel_handle *
|
||||||
selabel_open(unsigned int backend,
|
selabel_open(unsigned int backend,
|
||||||
VIR_SELINUX_OPEN_CONST struct selinux_opt *opts,
|
VIR_SELINUX_OPEN_CONST struct selinux_opt *opts,
|
||||||
@ -335,5 +328,3 @@ int selabel_lookup_raw(struct selabel_handle *handle,
|
|||||||
errno = ENOENT;
|
errno = ENOENT;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
|
||||||
|
Loading…
Reference in New Issue
Block a user