[libvirt] [PATCH] maint: cleanup detection of const'ness of selinux ctx

Wed May 28 23:03:42 UTC 2014

Eric Blake wrote:
> On 05/28/2014 01:54 PM, Jim Fehlig wrote:
>   
>> Commit 292d3f2d fixed the build with libselinux 2.3, but missed
>> some suggestions by eblake
>>
>> https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html
>>
>> This patch changes the macro introduced in 292d3f2d to either be
>> empty in the case of newer libselinux, or contain 'const' in the
>> case of older libselinux.  The macro is then used directly in
>> tests/securityselinuxhelper.c.
>> ---
>>  m4/virt-selinux.m4            |    7 +++++--
>>  tests/securityselinuxhelper.c |   24 ++++--------------------
>>  2 files changed, 9 insertions(+), 22 deletions(-)
>>
>> diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
>> index 1d899d5..a6f89ba 100644
>> --- a/m4/virt-selinux.m4
>> +++ b/m4/virt-selinux.m4
>> @@ -39,8 +39,11 @@ int setcon(const security_context_t context);
>>           [gt_cv_setcon_param='security_context_t'],
>>           [gt_cv_setcon_param='const char*'])])
>>      if test "$gt_cv_setcon_param" = 'const char*'; then
>> -       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
>> -                          [SELinux uses newer char * for security context])
>> +       AC_DEFINE([VIR_SELINUX_CTX_CONST], [const],
>> +                          [SELinux uses newer const char * for security context])
>> +    else
>> +       AC_DEFINE([VIR_SELINUX_CTX_CONST], [],
>> +                          [SELinux uses newer const char * for security context])
>>      fi
>>     
>
> That feels complex to have two competing AC_DEFINE.  By using a single
> AC_DEFINE_UNQUOTED and judicious contents of the _cv_ shell variable,
> you can get by with one.  Oh, and while we are at it, we should be using
> the libvirt prefix of lv_, not the gettext prefix of gt_.
>
>   
>> -#ifdef SELINUX_CTX_CHAR_PTR
>> -int setcon_raw(const char *context)
>> -#else
>> -int setcon_raw(security_context_t context)
>>     
>
> [Note that setcon_raw(security_context_t context) and setcon_raw(const
> security_context_t context) are compatible; the compiler treats 'const
> typedef_to_pointer' the same as 'type *const' (a pointer that can't be
> changed once initialized, but whose contents can be altered at will) and
> NOT as 'const type *' (a pointer that can be changed at will, but where
> the contents of the current pointer value cannot be changed).  That's
> probably why newer libselinux ditched the typedef and went with a
> verbatim 'const char *', even though it was not compile-time
> back-compatible.]
>
>   
>> -#endif
>> +int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
>>     
>
> So it actually works for libselinx 2.3 (I'm assuming your testing
> covered it) and 2.2 (I tested that).  Okay, it is indeed nicer.  ACK
> with this squashed in, if it still passes for you:
>   

Still passes my tests, which include libselinux 2.1, 2.2, and 2.3. 
Pushed now.  Thanks for the help!

Regards,
Jim