On Mon, Oct 21, 2019 at 02:51:32PM +0200, Ján Tomko wrote:
On Mon, Oct 21, 2019 at 10:00:29AM +0200, Pavel Hrdina wrote:
All OSes that we support have libselinux >= 2.5 except for Ubuntu 16.04 where the version is 2.4.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- m4/virt-selinux.m4 | 20 ++------------------ src/qemu/qemu_domain.c | 4 ++-- src/security/security_selinux.c | 22 ++-------------------- tests/securityselinuxhelper.c | 19 +++++-------------- 4 files changed, 11 insertions(+), 54 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a97bf65e7f..71478319a6 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -13262,7 +13262,7 @@ qemuDomainCreateDeviceRecursive(const char *device, }
if (tcon && - lsetfilecon_raw(devicePath, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) { + lsetfilecon_raw(devicePath, (const char *)tcon) < 0) {
I'm confused - why do we use a cast here in the first place?
The original failure was that the definition of our mocked versions of the APIs did not match the declaration in system selinux headers: https://www.redhat.com/archives/libvir-list/2014-May/msg00925.html
Passing char* to a function treating it as const char* is allowed and I don't see any benefit of explicitly casting it.
IIUC the situation is the reverse. SELinux used to declare the parameter 'security_context_t' which lacks 'const'. So we would have been passing a 'const char*' to a 'char *' and thus need to explicitly discard const - in this case VIR_SELINUX_CTX_CONST would have expanded to no-op. That said it is redundant in this situation as we either have const char * -> char * -> char * or const char * -> const char * -> const char * If we had left out the VIR_SELINUX_CTX_CONST, the second would have been const char * -> char * -> const char * which is still fine - just uncessarily discarding const Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|