On 05/28/2014 01:54 PM, Jim Fehlig wrote:

Commit 292d3f2d fixed the build with libselinux 2.3, but missed some suggestions by eblake

https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html

This patch changes the macro introduced in 292d3f2d to either be empty in the case of newer libselinux, or contain 'const' in the case of older libselinux. The macro is then used directly in tests/securityselinuxhelper.c. --- m4/virt-selinux.m4 | 7 +++++-- tests/securityselinuxhelper.c | 24 ++++-------------------- 2 files changed, 9 insertions(+), 22 deletions(-)

diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4 index 1d899d5..a6f89ba 100644 --- a/m4/virt-selinux.m4 +++ b/m4/virt-selinux.m4 @@ -39,8 +39,11 @@ int setcon(const security_context_t context); [gt_cv_setcon_param='security_context_t'], [gt_cv_setcon_param='const char*'])]) if test "$gt_cv_setcon_param" = 'const char*'; then - AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1, - [SELinux uses newer char * for security context]) + AC_DEFINE([VIR_SELINUX_CTX_CONST], [const], + [SELinux uses newer const char * for security context]) + else + AC_DEFINE([VIR_SELINUX_CTX_CONST], [], + [SELinux uses newer const char * for security context]) fi

That feels complex to have two competing AC_DEFINE. By using a single AC_DEFINE_UNQUOTED and judicious contents of the _cv_ shell variable, you can get by with one. Oh, and while we are at it, we should be using the libvirt prefix of lv_, not the gettext prefix of gt_.

-#ifdef SELINUX_CTX_CHAR_PTR -int setcon_raw(const char *context) -#else -int setcon_raw(security_context_t context)

[Note that setcon_raw(security_context_t context) and setcon_raw(const security_context_t context) are compatible; the compiler treats 'const typedef_to_pointer' the same as 'type *const' (a pointer that can't be changed once initialized, but whose contents can be altered at will) and NOT as 'const type *' (a pointer that can be changed at will, but where the contents of the current pointer value cannot be changed). That's probably why newer libselinux ditched the typedef and went with a verbatim 'const char *', even though it was not compile-time back-compatible.]

-#endif +int setcon_raw(VIR_SELINUX_CTX_CONST char *context)

So it actually works for libselinx 2.3 (I'm assuming your testing covered it) and 2.2 (I tested that). Okay, it is indeed nicer. ACK with this squashed in, if it still passes for you: diff --git i/m4/virt-selinux.m4 w/m4/virt-selinux.m4 index a6f89ba..357b758 100644 --- i/m4/virt-selinux.m4 +++ w/m4/virt-selinux.m4 @@ -29,22 +29,18 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ if test "$with_selinux" = "yes"; then # libselinux changed signatures between 2.2 and 2.3 - AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param], + AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_const], [AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ #include <selinux/selinux.h> -int setcon(const security_context_t context); +int setcon(char *context); ]])], - [gt_cv_setcon_param='security_context_t'], - [gt_cv_setcon_param='const char*'])]) - if test "$gt_cv_setcon_param" = 'const char*'; then - AC_DEFINE([VIR_SELINUX_CTX_CONST], [const], - [SELinux uses newer const char * for security context]) - else - AC_DEFINE([VIR_SELINUX_CTX_CONST], [], - [SELinux uses newer const char * for security context]) - fi + [lv_cv_setcon_const=''], + [lv_cv_setcon_const='const'])]) + AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const], + [Define to empty or 'const' depending on how SELinux qualifies its + security context parameters]) AC_MSG_CHECKING([SELinux mount point]) if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org