From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) by sourceware.org (Postfix) with ESMTPS id 5234D3857032 for ; Wed, 22 Jul 2020 18:48:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 5234D3857032 Received: by mail-il1-x142.google.com with SMTP id h16so2198231ilj.11 for ; Wed, 22 Jul 2020 11:48:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d9tGhRyyCeG6ZBiK4WOUODCryn2EFfevy65Xe0g50ms=; b=LJ88LNVR9N+UsK8cNpN3GnjS9jrdZ7nU1TaI7iDUjGIbyRp98LztKlsoIZaLup26tq 22h0XQkFBQCGm8Ogq0gVVm/h3IxJ5bOQsIajHheAa/PZEP1Kk+BHINNqKbtDzG6eAiSW M6HbUopEaVeyuT8Kh3JV/BgpotdFHMVXwq6W6/e+Zu9T5a5xIv63OU2Sx59IZUqU6MR3 RHhl+LBc758M5mzOq0yIh9BgTjoil4v88tWtBYz7r+UWs4KzIw6uz64M/QQ51RQ1MvxT 8Q5iD1acAYOGWkUgi3TmydEbuE51r8vqmRrDG9I5S8qyHpTQBZx14pOwOOcbvUD85Xdh l3XA== X-Gm-Message-State: AOAM530DwD3PbUtbEKG1OlepXi5wp7Lk8VjDV7gP25/aHWrCfCBhVO7J ECLRnnWFR2lo+ahZJzp3XXN0Rh8NTBQ9zIaIX2lmzwCG X-Google-Smtp-Source: ABdhPJyfedG/3VEvoKmd7ApBvd+sI/G2uI/EwkgsQHJ763U0CZhYKxlQeWoNk/8VXrKK72JrUlt4evyg3aYj7Xa9YFk= X-Received: by 2002:a92:bf0c:: with SMTP id z12mr1218576ilh.151.1595443696775; Wed, 22 Jul 2020 11:48:16 -0700 (PDT) MIME-Version: 1.0 References: <20200722183849.GA74546@aloka.lostca.se> In-Reply-To: <20200722183849.GA74546@aloka.lostca.se> From: "H.J. Lu" Date: Wed, 22 Jul 2020 11:47:41 -0700 Message-ID: Subject: Re: [PATCH] Disable warnings due to deprecated libselinux symbols used by nss and nscd To: Arjun Shankar Cc: GNU C Library , "Carlos O'Donell" , Joseph Myers , Aurelien Jarno Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jul 2020 18:48:18 -0000 On Wed, Jul 22, 2020 at 11:39 AM Arjun Shankar wrote: > > From: Arjun Shankar > > The SELinux API deprecated several symbols in its 3.1 release, including > security_context_t, matchpathcon, avc_init, and sidput, which are used in > makedb and nscd. While the usage of these should eventually be replaced by > newer interfaces, this commit disables GCC warnings due to the use of the > above symbols. > --- > Aurelien recently posted a patch with an identical result, but using #pragma: > https://sourceware.org/pipermail/libc-alpha/2020-July/116523.html > > Just put this together so it can hopefully go in soon with both glibc-2.32 > being close by and Fedora 33 awaiting this change, since glibc already fails > to build on Fedora rawhide. > > Tested on x86_64 with libselinux-3.1 installed. > --- > nscd/selinux.c | 16 ++++++++++++++++ > nss/makedb.c | 9 +++++++++ > 2 files changed, 25 insertions(+) > > diff --git a/nscd/selinux.c b/nscd/selinux.c > index a4ea8008e2..8802d34265 100644 > --- a/nscd/selinux.c > +++ b/nscd/selinux.c > @@ -33,6 +33,7 @@ > #ifdef HAVE_LIBAUDIT > # include > #endif > +#include > > #include "dbg_log.h" > #include "selinux.h" > @@ -320,6 +321,12 @@ avc_free_lock (void *lock) > } > > > +/* avc_init (along with several other symbols) was marked as deprecated by the > + SELinux API starting from version 3.1. We use it here, but should > + eventually switch to the newer API. */ > +DIAG_PUSH_NEEDS_COMMENT > +DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations"); > + > /* Initialize the user space access vector cache (AVC) for NSCD along with > log/thread/lock callbacks. */ > void > @@ -335,7 +342,14 @@ nscd_avc_init (void) > audit_init (); > #endif > } > +DIAG_POP_NEEDS_COMMENT > + > > +/* security_context_t and sidput (along with several other symbols) were marked > + as deprecated by the SELinux API starting from version 3.1. We use them > + here, but should eventually switch to the newer API. */ > +DIAG_PUSH_NEEDS_COMMENT > +DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations"); > > /* Check the permission from the caller (via getpeercon) to nscd. > Returns 0 if access is allowed, 1 if denied, and -1 on error. > @@ -411,6 +425,7 @@ nscd_request_avc_has_perm (int fd, request_type req) > rc = avc_has_perm (ssid, tsid, sc_nscd, perm, &aeref, NULL) < 0; > > out: > + Why this? > if (scon) > freecon (scon); > if (tcon) > @@ -422,6 +437,7 @@ out: > > return rc; > } > +DIAG_POP_NEEDS_COMMENT > > > /* Wrapper to get AVC statistics. */ > diff --git a/nss/makedb.c b/nss/makedb.c > index 8e389a1683..8e1e8ec9ad 100644 > --- a/nss/makedb.c > +++ b/nss/makedb.c > @@ -38,6 +38,7 @@ > #include > #include > #include "nss_db/nss_db.h" > +#include > > /* Get libc version number. */ > #include "../version.h" > @@ -841,6 +842,13 @@ print_database (int fd) > > > #ifdef HAVE_SELINUX > + > +/* security_context_t and matchpathcon (along with several other symbols) were > + marked as deprecated by the SELinux API starting from version 3.1. We use > + them here, but should eventually switch to the newer API. */ > +DIAG_PUSH_NEEDS_COMMENT > +DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations"); > + > static void > set_file_creation_context (const char *outname, mode_t mode) > { > @@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode) > freecon (ctx); > } > } > +DIAG_POP_NEEDS_COMMENT > > static void > reset_file_creation_context (void) > -- > 2.26.2 > -- H.J.