mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-11-21 03:13:05 +08:00
Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/
Upstream SELinux has recently marked security_context_t as officially
deprecated, causing warnings with -Wdeprecated-declarations. This is
considered as legacy code for some time now by upstream as
security_context_t got removed from most of the code tree during the
development of 2.3 back in 2014.
This removes all the references to security_context_t in sepgsql/ to be
consistent with SELinux, fixing the warnings. Note that this does not
impact the minimum version of libselinux supported.
This has been applied first as 1f32136
for 14~, but no other branches
got the call. This is in line with the recent project policy to have no
warnings in branches where builds should still be supported (9.2~ as of
today). Per discussion with Tom Lane and Álvaro Herrera.
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/20200813012735.GC11663@paquier.xyz
Discussion: https://postgr.es/m/20221103181028.raqta27jcuypor4l@alvherre.pgsql
Backpatch-through: 9.2
This commit is contained in:
parent
377b37cf7b
commit
40064e103b
@ -130,7 +130,7 @@ sepgsql_set_client_label(const char *new_label)
|
||||
tcontext = client_label_peer;
|
||||
else
|
||||
{
|
||||
if (security_check_context_raw((security_context_t) new_label) < 0)
|
||||
if (security_check_context_raw(new_label) < 0)
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INVALID_NAME),
|
||||
errmsg("SELinux: invalid security label: \"%s\"",
|
||||
@ -470,9 +470,9 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
|
||||
object.objectSubId = subId;
|
||||
|
||||
label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
|
||||
if (!label || security_check_context_raw((security_context_t) label))
|
||||
if (!label || security_check_context_raw(label))
|
||||
{
|
||||
security_context_t unlabeled;
|
||||
char *unlabeled;
|
||||
|
||||
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
|
||||
ereport(ERROR,
|
||||
@ -507,7 +507,7 @@ sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)
|
||||
* context of selinux.
|
||||
*/
|
||||
if (seclabel &&
|
||||
security_check_context_raw((security_context_t) seclabel) < 0)
|
||||
security_check_context_raw(seclabel) < 0)
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INVALID_NAME),
|
||||
errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
|
||||
@ -749,7 +749,7 @@ exec_object_restorecon(struct selabel_handle * sehnd, Oid catalogId)
|
||||
char *objname;
|
||||
int objtype = 1234;
|
||||
ObjectAddress object;
|
||||
security_context_t context;
|
||||
char *context;
|
||||
|
||||
/*
|
||||
* The way to determine object name depends on object classes. So, any
|
||||
|
@ -767,8 +767,8 @@ sepgsql_compute_avd(const char *scontext,
|
||||
* Ask SELinux what is allowed set of permissions on a pair of the
|
||||
* security contexts and the given object class.
|
||||
*/
|
||||
if (security_compute_av_flags_raw((security_context_t) scontext,
|
||||
(security_context_t) tcontext,
|
||||
if (security_compute_av_flags_raw(scontext,
|
||||
tcontext,
|
||||
tclass_ex, 0, &avd_ex) < 0)
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INTERNAL_ERROR),
|
||||
@ -839,7 +839,7 @@ sepgsql_compute_create(const char *scontext,
|
||||
uint16 tclass,
|
||||
const char *objname)
|
||||
{
|
||||
security_context_t ncontext;
|
||||
char *ncontext;
|
||||
security_class_t tclass_ex;
|
||||
const char *tclass_name;
|
||||
char *result;
|
||||
@ -854,8 +854,8 @@ sepgsql_compute_create(const char *scontext,
|
||||
* Ask SELinux what is the default context for the given object class on a
|
||||
* pair of security contexts
|
||||
*/
|
||||
if (security_compute_create_name_raw((security_context_t) scontext,
|
||||
(security_context_t) tcontext,
|
||||
if (security_compute_create_name_raw(scontext,
|
||||
tcontext,
|
||||
tclass_ex,
|
||||
objname,
|
||||
&ncontext) < 0)
|
||||
|
@ -177,7 +177,7 @@ sepgsql_avc_unlabeled(void)
|
||||
{
|
||||
if (!avc_unlabeled)
|
||||
{
|
||||
security_context_t unlabeled;
|
||||
char *unlabeled;
|
||||
|
||||
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
|
||||
ereport(ERROR,
|
||||
@ -225,7 +225,7 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
|
||||
* policy is reloaded, validation status shall be kept, so we also cache
|
||||
* whether the supplied security context was valid, or not.
|
||||
*/
|
||||
if (security_check_context_raw((security_context_t) tcontext) != 0)
|
||||
if (security_check_context_raw(tcontext) != 0)
|
||||
ucontext = sepgsql_avc_unlabeled();
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user