Cédric Bosdonnat wrote:
Several function signatures changed in libselinux 2.3, now taking
a 'const char *' instead of 'security_context_t'. The latter is
defined in selinux/selinux.h as
typedef char *security_context_t;
---
m4/virt-selinux.m4 | 18 ++++++++++++++++++
tests/securityselinuxhelper.c | 16 ++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
index 003c2a8..c299793 100644
--- a/m4/virt-selinux.m4
+++ b/m4/virt-selinux.m4
@@ -28,6 +28,24 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
[with_selinux_mount=check])
if test "$with_selinux" = "yes"; then
+ AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+#include <selinux/selinux.h>
+
+int setcon(const security_context_t context) {
+ return 0;
+}
+ ]],
+ [[]])],
+ [gt_cv_setcon_param='security_context'],
+ [gt_cv_setcon_param='const char*'])])
+ if test "$gt_cv_setcon_param" = 'const char*'; then
+ AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
+ [SELinux uses char * for security context])
+ fi
+
As Eric suggested, this is much better than the version check. But I'll
defer review of this fun code to him :-).
AC_MSG_CHECKING([SELinux mount point])
if test "$with_selinux_mount" = "check" || test -z
"$with_selinux_mount"; then
if test -d /sys/fs/selinux ; then
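Review bot: Any failure of the `AC_COMPILE_IFELSE` probe is read as the new `const char *` signature, because `gt_cv_setcon_param='const char*'` sits in the failure branch and `SELINUX_CTX_CHAR_PTR` is then defined. A compile error unrelated to the parameter type (for example `selinux/selinux.h` not being found with the flags in effect at this point, which the hunk does not show) would pick the wrong prototypes. It would presumably surface only later, as a conflicting-types error in the test helper. Consider probing the new form positively with `int setcon(const char *context) {` and swapping the two result branches, so the macro is defined only when that declaration is accepted. The enclosing `if test "$with_selinux" = "yes"` block continues outside the hunk.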
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index dbc4c29..af4fae4 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context)
return getpidcon_raw(pid, context);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon_raw(const char *context)
+#else
int setcon_raw(security_context_t context)
+#endif
I tried Eric's alternative of defining a VIR_SELINUX_CTX_CONST to either
'' or 'const', but couldn't get that to work. Deferring to Eric as
well...
Nonetheless, this patch works for me and is a good improvement over V1.
Regards,
Jim
{
if (!is_selinux_enabled()) {
errno = EINVAL;
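Review bot: `SELINUX_CTX_CHAR_PTR` is set from a configure probe of `setcon` alone, but here it selects the prototype of `setcon_raw`, and in the following hunks those of `setcon`, `setfilecon_raw` and `setfilecon`; nothing in the file records that assumption. A comment above the first `#ifdef` would cover it, e.g. `/* libselinux 2.3 changed these context parameters from security_context_t to const char *; configure probes setcon() only and the others are assumed to match. */`. The body of `setcon_raw` continues past the end of this hunk.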
@@ -165,13 +169,21 @@ int setcon_raw(security_context_t context)
return setenv("FAKE_SELINUX_CONTEXT", context, 1);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setcon(const char *context)
+#else
int setcon(security_context_t context)
+#endif
{
return setcon_raw(context);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon_raw(const char *path, const char *con)
+#else
int setfilecon_raw(const char *path, security_context_t con)
+#endif
{
const char *constr = con;
if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
@@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, security_context_t con)
constr, strlen(constr), 0);
}
+#ifdef SELINUX_CTX_CHAR_PTR
+int setfilecon(const char *path, const char *con)
+#else
int setfilecon(const char *path, security_context_t con)
+#endif
{
return setfilecon_raw(path, con);
}