On Mon, Oct 21, 2019 at 10:00:29AM +0200, Pavel Hrdina wrote:
All OSes that we support have libselinux >= 2.5 except for Ubuntu
16.04
where the version is 2.4.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
m4/virt-selinux.m4 | 20 ++------------------
src/qemu/qemu_domain.c | 4 ++--
src/security/security_selinux.c | 22 ++--------------------
tests/securityselinuxhelper.c | 19 +++++--------------
4 files changed, 11 insertions(+), 54 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a97bf65e7f..71478319a6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -13262,7 +13262,7 @@ qemuDomainCreateDeviceRecursive(const char *device,
}
if (tcon &&
- lsetfilecon_raw(devicePath, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
+ lsetfilecon_raw(devicePath, (const char *)tcon) < 0) {
I'm confused - why do we use a cast here in the first place?
The original failure was that the definition of our mocked versions of the APIs did not
match the declaration in system selinux headers:
https://www.redhat.com/archives/libvir-list/2014-May/msg00925.html
Passing char* to a function treating it as const char* is allowed and I don't
see any benefit of explicitly casting it.
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
if (errno != EOPNOTSUPP && errno != ENOTSUP) {
VIR_WARNINGS_RESET
@@ -14061,7 +14061,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED,
# ifdef WITH_SELINUX
if (data->tcon &&
- lsetfilecon_raw(data->file, (VIR_SELINUX_CTX_CONST char *)data->tcon) <
0) {
+ lsetfilecon_raw(data->file, (const char *)data->tcon) < 0) {
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
if (errno != EOPNOTSUPP && errno != ENOTSUP) {
VIR_WARNINGS_RESET
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 0812def922..386a8b84e6 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1279,7 +1265,7 @@ virSecuritySELinuxSetFileconImpl(const char *path,
VIR_INFO("Setting SELinux context on '%s' to '%s'", path,
tcon);
- if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
+ if (setfilecon_raw(path, (const char *)tcon) < 0) {
int setfilecon_errno = errno;
if (getfilecon_raw(path, &econ) >= 0) {
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano