Substitute security_context_t with char *
Historically, we've used security_context_t for variables passed to libselinux APIs. But almost 7 years ago, libselinux developers admitted in their API that in fact, it's just a 'char *' type [1]. Ever since then the APIs accept 'char *' instead, but they kept the old alias just for API stability. Well, not anymore [2]. 1:9eb9c93275
2:7a124ca275
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
parent
deceb1e09f
commit
e71e13488d
@ -204,7 +204,7 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
|
|||||||
if (STREQ(model->model, "selinux")) {
|
if (STREQ(model->model, "selinux")) {
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
if (oldlabel) {
|
if (oldlabel) {
|
||||||
security_context_t ctx;
|
char *ctx;
|
||||||
|
|
||||||
if (getcon(&ctx) < 0) {
|
if (getcon(&ctx) < 0) {
|
||||||
virReportSystemError(errno,
|
virReportSystemError(errno,
|
||||||
|
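Review bot: With `ctx` now a plain `char *`, nothing in the type tells a reader that the string filled in by `getcon()` is owned by libselinux and is meant to be released with `freecon()` rather than a generic free helper. A short comment at the declaration would keep that visible, for example `char *ctx; /* allocated by libselinux, release with freecon() */`. `ctx` is also declared without an initializer, so cleanup may only touch it after `getcon()` has succeeded; the release call lies outside this hunk and could not be checked here. The same ownership comment applies to the other converted locals in this commit (`seccon`, `ourSecContext`, `pctx`, `econ`, `fcon`, `scon`, `filecon`, `con`).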
@ -1593,7 +1593,7 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock G_GNUC_UNUSED,
|
|||||||
int virNetSocketGetSELinuxContext(virNetSocketPtr sock,
|
int virNetSocketGetSELinuxContext(virNetSocketPtr sock,
|
||||||
char **context)
|
char **context)
|
||||||
{
|
{
|
||||||
security_context_t seccon = NULL;
|
char *seccon = NULL;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
*context = NULL;
|
*context = NULL;
|
||||||
|
@ -198,7 +198,7 @@ virSecuritySELinuxTransactionAppend(const char *path,
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxRememberLabel(const char *path,
|
virSecuritySELinuxRememberLabel(const char *path,
|
||||||
const security_context_t con)
|
const char *con)
|
||||||
{
|
{
|
||||||
return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME,
|
return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME,
|
||||||
path, con);
|
path, con);
|
||||||
@ -207,7 +207,7 @@ virSecuritySELinuxRememberLabel(const char *path,
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxRecallLabel(const char *path,
|
virSecuritySELinuxRecallLabel(const char *path,
|
||||||
security_context_t *con)
|
char **con)
|
||||||
{
|
{
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
@ -431,7 +431,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
|
|||||||
int *catMin,
|
int *catMin,
|
||||||
int *catMax)
|
int *catMax)
|
||||||
{
|
{
|
||||||
security_context_t ourSecContext = NULL;
|
char *ourSecContext = NULL;
|
||||||
context_t ourContext = NULL;
|
context_t ourContext = NULL;
|
||||||
char *cat = NULL;
|
char *cat = NULL;
|
||||||
char *tmp;
|
char *tmp;
|
||||||
@ -530,8 +530,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static char *
|
static char *
|
||||||
virSecuritySELinuxContextAddRange(security_context_t src,
|
virSecuritySELinuxContextAddRange(char *src,
|
||||||
security_context_t dst)
|
char *dst)
|
||||||
{
|
{
|
||||||
char *str = NULL;
|
char *str = NULL;
|
||||||
char *ret = NULL;
|
char *ret = NULL;
|
||||||
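Review bot: `src` and `dst` become mutable `char *` parameters here, while `virSecuritySELinuxRememberLabel` in the same commit takes its label as `const char *con`. If the body, which continues outside this hunk, only reads the two labels, `const char *src, const char *dst` would state that in the signature and let callers pass read-only strings. The old `const security_context_t` spelling made the pointer const rather than the characters, so `const char *` is the stronger guarantee.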
@ -575,7 +575,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
|
|||||||
context_t context = NULL;
|
context_t context = NULL;
|
||||||
char *ret = NULL;
|
char *ret = NULL;
|
||||||
char *str;
|
char *str;
|
||||||
security_context_t ourSecContext = NULL;
|
char *ourSecContext = NULL;
|
||||||
context_t ourContext = NULL;
|
context_t ourContext = NULL;
|
||||||
|
|
||||||
VIR_DEBUG("basecontext=%s mcs=%s isObjectContext=%d",
|
VIR_DEBUG("basecontext=%s mcs=%s isObjectContext=%d",
|
||||||
@ -955,7 +955,7 @@ virSecuritySELinuxReserveLabel(virSecurityManagerPtr mgr,
|
|||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
pid_t pid)
|
pid_t pid)
|
||||||
{
|
{
|
||||||
security_context_t pctx;
|
char *pctx;
|
||||||
context_t ctx = NULL;
|
context_t ctx = NULL;
|
||||||
const char *mcs;
|
const char *mcs;
|
||||||
int rv;
|
int rv;
|
||||||
@ -1203,7 +1203,7 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
|
|||||||
pid_t pid,
|
pid_t pid,
|
||||||
virSecurityLabelPtr sec)
|
virSecurityLabelPtr sec)
|
||||||
{
|
{
|
||||||
security_context_t ctx;
|
char *ctx;
|
||||||
|
|
||||||
if (getpidcon_raw(pid, &ctx) == -1) {
|
if (getpidcon_raw(pid, &ctx) == -1) {
|
||||||
virReportSystemError(errno,
|
virReportSystemError(errno,
|
||||||
@ -1316,7 +1316,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
|
|||||||
bool remember)
|
bool remember)
|
||||||
{
|
{
|
||||||
bool privileged = virSecurityManagerGetPrivileged(mgr);
|
bool privileged = virSecurityManagerGetPrivileged(mgr);
|
||||||
security_context_t econ = NULL;
|
char *econ = NULL;
|
||||||
int refcount;
|
int refcount;
|
||||||
int rc;
|
int rc;
|
||||||
bool rollback = false;
|
bool rollback = false;
|
||||||
@ -1426,7 +1426,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
|
|||||||
/* Set fcon to the appropriate label for path and mode, or return -1. */
|
/* Set fcon to the appropriate label for path and mode, or return -1. */
|
||||||
static int
|
static int
|
||||||
getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
|
getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
|
||||||
const char *newpath, mode_t mode, security_context_t *fcon)
|
const char *newpath, mode_t mode, char **fcon)
|
||||||
{
|
{
|
||||||
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
|
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
|
||||||
@ -1443,7 +1443,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
|
|||||||
{
|
{
|
||||||
bool privileged = virSecurityManagerGetPrivileged(mgr);
|
bool privileged = virSecurityManagerGetPrivileged(mgr);
|
||||||
struct stat buf;
|
struct stat buf;
|
||||||
security_context_t fcon = NULL;
|
char *fcon = NULL;
|
||||||
char *newpath = NULL;
|
char *newpath = NULL;
|
||||||
int rc;
|
int rc;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
@ -2974,7 +2974,7 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
|
|||||||
{
|
{
|
||||||
/* TODO: verify DOI */
|
/* TODO: verify DOI */
|
||||||
virSecurityLabelDefPtr secdef;
|
virSecurityLabelDefPtr secdef;
|
||||||
security_context_t scon = NULL;
|
char *scon = NULL;
|
||||||
char *str = NULL;
|
char *str = NULL;
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
|
|
||||||
@ -3283,7 +3283,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
|
|||||||
int fd)
|
int fd)
|
||||||
{
|
{
|
||||||
struct stat buf;
|
struct stat buf;
|
||||||
security_context_t fcon = NULL;
|
char *fcon = NULL;
|
||||||
virSecurityLabelDefPtr secdef;
|
virSecurityLabelDefPtr secdef;
|
||||||
char *str = NULL, *proc = NULL, *fd_path = NULL;
|
char *str = NULL, *proc = NULL, *fd_path = NULL;
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
|
@ -1814,7 +1814,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSourcePtr target,
|
|||||||
struct stat *sb)
|
struct stat *sb)
|
||||||
{
|
{
|
||||||
#if WITH_SELINUX
|
#if WITH_SELINUX
|
||||||
security_context_t filecon = NULL;
|
char *filecon = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0)
|
if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0)
|
||||||
|
@ -157,7 +157,7 @@ virIdentityPtr virIdentityGetSystem(void)
|
|||||||
unsigned long long startTime;
|
unsigned long long startTime;
|
||||||
g_autoptr(virIdentity) ret = NULL;
|
g_autoptr(virIdentity) ret = NULL;
|
||||||
#if WITH_SELINUX
|
#if WITH_SELINUX
|
||||||
security_context_t con;
|
char *con;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!(ret = virIdentityNew()))
|
if (!(ret = virIdentityNew()))
|
||||||
|
@ -55,7 +55,7 @@ static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
|
|||||||
unsigned nopts);
|
unsigned nopts);
|
||||||
static void (*real_selabel_close)(struct selabel_handle *handle);
|
static void (*real_selabel_close)(struct selabel_handle *handle);
|
||||||
static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
|
static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
|
||||||
security_context_t *con,
|
char **con,
|
||||||
const char *key,
|
const char *key,
|
||||||
int type);
|
int type);
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ static void init_syms(void)
|
|||||||
* the virt_use_nfs bool is set.
|
* the virt_use_nfs bool is set.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int getcon_raw(security_context_t *context)
|
int getcon_raw(char **context)
|
||||||
{
|
{
|
||||||
if (!is_selinux_enabled()) {
|
if (!is_selinux_enabled()) {
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
@ -104,12 +104,12 @@ int getcon_raw(security_context_t *context)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int getcon(security_context_t *context)
|
int getcon(char **context)
|
||||||
{
|
{
|
||||||
return getcon_raw(context);
|
return getcon_raw(context);
|
||||||
}
|
}
|
||||||
|
|
||||||
int getpidcon_raw(pid_t pid, security_context_t *context)
|
int getpidcon_raw(pid_t pid, char **context)
|
||||||
{
|
{
|
||||||
if (!is_selinux_enabled()) {
|
if (!is_selinux_enabled()) {
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
@ -129,7 +129,7 @@ int getpidcon_raw(pid_t pid, security_context_t *context)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int getpidcon(pid_t pid, security_context_t *context)
|
int getpidcon(pid_t pid, char **context)
|
||||||
{
|
{
|
||||||
return getpidcon_raw(pid, context);
|
return getpidcon_raw(pid, context);
|
||||||
}
|
}
|
||||||
@ -165,7 +165,7 @@ int setfilecon(const char *path, const char *con)
|
|||||||
return setfilecon_raw(path, con);
|
return setfilecon_raw(path, con);
|
||||||
}
|
}
|
||||||
|
|
||||||
int getfilecon_raw(const char *path, security_context_t *con)
|
int getfilecon_raw(const char *path, char **con)
|
||||||
{
|
{
|
||||||
char *constr = NULL;
|
char *constr = NULL;
|
||||||
ssize_t len = getxattr(path, "user.libvirt.selinux",
|
ssize_t len = getxattr(path, "user.libvirt.selinux",
|
||||||
@ -189,7 +189,7 @@ int getfilecon_raw(const char *path, security_context_t *con)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int getfilecon(const char *path, security_context_t *con)
|
int getfilecon(const char *path, char **con)
|
||||||
{
|
{
|
||||||
return getfilecon_raw(path, con);
|
return getfilecon_raw(path, con);
|
||||||
}
|
}
|
||||||
@ -308,7 +308,7 @@ void selabel_close(struct selabel_handle *handle)
|
|||||||
}
|
}
|
||||||
|
|
||||||
int selabel_lookup_raw(struct selabel_handle *handle,
|
int selabel_lookup_raw(struct selabel_handle *handle,
|
||||||
security_context_t *con,
|
char **con,
|
||||||
const char *key,
|
const char *key,
|
||||||
int type)
|
int type)
|
||||||
{
|
{
|
||||||
|
@ -252,7 +252,7 @@ static int
|
|||||||
testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles)
|
testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
security_context_t ctx;
|
char *ctx;
|
||||||
|
|
||||||
for (i = 0; i < nfiles; i++) {
|
for (i = 0; i < nfiles; i++) {
|
||||||
ctx = NULL;
|
ctx = NULL;
|
||||||
@ -360,7 +360,7 @@ mymain(void)
|
|||||||
if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
|
if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
|
||||||
setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
|
setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
|
||||||
|
|
||||||
DO_TEST_LABELING("disks");
|
DO_TEST_LABELING("disks");
|
||||||
DO_TEST_LABELING("kernel");
|
DO_TEST_LABELING("kernel");
|
||||||
|
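Review bot: The return value of `setcon()` is dropped on the new line, so the labelling tests that follow run even if the process context could not be set. The `setcon_raw()` call in `testSELinuxGenLabel`, also touched by this commit, checks for `< 0` and reports the error. Assuming `ret` is already declared at this point, `if (setcon("system_r:system_u:libvirtd_t:s0:c0.c1023") < 0) ret = -1;` would match how the `DO_TEST_LABELING` macro above records failures. The literal also lists the role before the user (`system_r:system_u`), whereas SELinux contexts are normally written user:role:type:range; if that order is deliberate for the test, a one-line comment saying so would help. `mymain` starts and ends outside this hunk.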
@ -217,7 +217,7 @@ testSELinuxGenLabel(const void *opaque)
|
|||||||
context_t con = NULL;
|
context_t con = NULL;
|
||||||
context_t imgcon = NULL;
|
context_t imgcon = NULL;
|
||||||
|
|
||||||
if (setcon_raw((security_context_t)data->pidcon) < 0) {
|
if (setcon_raw(data->pidcon) < 0) {
|
||||||
perror("Cannot set process security context");
|
perror("Cannot set process security context");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -120,7 +120,7 @@ static int testIdentityGetSystem(const void *data)
|
|||||||
static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
|
static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
|
||||||
{
|
{
|
||||||
#if WITH_SELINUX
|
#if WITH_SELINUX
|
||||||
return setcon_raw((security_context_t)data);
|
return setcon_raw(data);
|
||||||
#else
|
#else
|
||||||
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
|
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
|
||||||
return EXIT_AM_SKIP;
|
return EXIT_AM_SKIP;
|
||||||
|
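Review bot: With the cast gone, `data` reaches `setcon_raw()` as a `const void *`, which only converts cleanly when the libselinux prototype takes `const char *`. Against headers that declare a non-const parameter, this line would discard the qualifier and likely fail a build that treats warnings as errors. If every supported libselinux already declares the parameter const, stating that here would document the assumption, e.g. `/* setcon_raw() takes const char * in all supported libselinux versions */`. The function's `#endif` and closing brace are outside the hunk.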