[libvirt] [PATCH] maint: cleanup detection of const'ness of selinux ctx
Jim Fehlig
jfehlig at suse.com
Wed May 28 23:03:42 UTC 2014
Eric Blake wrote:
> On 05/28/2014 01:54 PM, Jim Fehlig wrote:
>
>> Commit 292d3f2d fixed the build with libselinux 2.3, but missed
>> some suggestions by eblake
>>
>> https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html
>>
>> This patch changes the macro introduced in 292d3f2d to either be
>> empty in the case of newer libselinux, or contain 'const' in the
>> case of older libselinux. The macro is then used directly in
>> tests/securityselinuxhelper.c.
>> ---
>> m4/virt-selinux.m4 | 7 +++++--
>> tests/securityselinuxhelper.c | 24 ++++--------------------
>> 2 files changed, 9 insertions(+), 22 deletions(-)
>>
>> diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
>> index 1d899d5..a6f89ba 100644
>> --- a/m4/virt-selinux.m4
>> +++ b/m4/virt-selinux.m4
>> @@ -39,8 +39,11 @@ int setcon(const security_context_t context);
>> [gt_cv_setcon_param='security_context_t'],
>> [gt_cv_setcon_param='const char*'])])
>> if test "$gt_cv_setcon_param" = 'const char*'; then
>> - AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
>> - [SELinux uses newer char * for security context])
>> + AC_DEFINE([VIR_SELINUX_CTX_CONST], [const],
>> + [SELinux uses newer const char * for security context])
>> + else
>> + AC_DEFINE([VIR_SELINUX_CTX_CONST], [],
>> + [SELinux uses newer const char * for security context])
>> fi
>>
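Review bot: The else branch of this hunk reuses the description from the if branch, so the empty definition of VIR_SELINUX_CTX_CONST is also described as "SELinux uses newer const char * for security context" although that branch is the 'security_context_t' case; give the else branch its own description text. The commit message also states the polarity the other way round (empty for newer libselinux, 'const' for older), while the test here defines the macro to 'const' when gt_cv_setcon_param is 'const char*', so the message should be aligned with the code.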
>
> That feels complex to have two competing AC_DEFINE. By using a single
> AC_DEFINE_UNQUOTED and judicious contents of the _cv_ shell variable,
> you can get by with one. Oh, and while we are at it, we should be using
> the libvirt prefix of lv_, not the gettext prefix of gt_.
>
>
>> -#ifdef SELINUX_CTX_CHAR_PTR
>> -int setcon_raw(const char *context)
>> -#else
>> -int setcon_raw(security_context_t context)
>>
>
> [Note that setcon_raw(security_context_t context) and setcon_raw(const
> security_context_t context) are compatible; the compiler treats 'const
> typedef_to_pointer' the same as 'type *const' (a pointer that can't be
> changed once initialized, but whose contents can be altered at will) and
> NOT as 'const type *' (a pointer that can be changed at will, but where
> the contents of the current pointer value cannot be changed). That's
> probably why newer libselinux ditched the typedef and went with a
> verbatim 'const char *', even though it was not compile-time
> back-compatible.]
>
>
>> -#endif
>> +int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
>>
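Review bot: Nothing at the use site 'int setcon_raw(VIR_SELINUX_CTX_CONST char *context)' says what the macro expands to or where it comes from; add a short comment above the definition noting that VIR_SELINUX_CTX_CONST is set in m4/virt-selinux.m4 to either 'const' or nothing so that the parameter matches whichever setcon_raw prototype the installed libselinux declares. The line only parses when the macro is defined, so the comment also tells a reader where to look when a build breaks here.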
>
> So it actually works for libselinux 2.3 (I'm assuming your testing
> covered it) and 2.2 (I tested that). Okay, it is indeed nicer. ACK
> with this squashed in, if it still passes for you:
>
Still passes my tests, which include libselinux 2.1, 2.2, and 2.3.
Pushed now. Thanks for the help!
Regards,
Jim
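
The bracketed note in the reply above says that 'const typedef_to_pointer' means 'type *const' and not 'const type *'. The following C11 program is an added example, not code from this thread, libvirt or libselinux; ctx_t is a hypothetical stand-in for the old security_context_t typedef (assumed to alias char *), and old_api/new_api are illustrative names.

```c
#include <stdio.h>

/* Hypothetical stand-in for the old typedef (assumption: alias of char *). */
typedef char *ctx_t;

/* Top-level const on a parameter is not part of the function type,
 * so these two declarations are compatible and may coexist. */
int old_api(ctx_t context);
int old_api(const ctx_t context);

/* 'const ctx_t' is 'char *const': the pointer is fixed, the bytes are not. */
int old_api(const ctx_t context)
{
    context[0] = 'X';        /* accepted: the pointee is still writable */
    /* context = 0;             rejected by the compiler: pointer is const */
    return 0;
}

/* New-style prototype: the pointee is read-only, the pointer is not. */
int new_api(const char *context)
{
    /* context[0] = 'X';        rejected by the compiler: pointee is const */
    context = context + 1;   /* accepted: the pointer itself is mutable */
    return context[0];
}

/* Classify an object's declared type from a pointer to it:
 * 1 = 'char *const', 2 = 'const char *', 0 = anything else. */
#define KIND(ptr_to_obj) _Generic((ptr_to_obj), \
    char *const *: 1, const char **: 2, default: 0)

int kind_of_const_typedef(void)  { const ctx_t p = 0;  return KIND(&p); }
int kind_of_const_char_ptr(void) { const char *p = 0;  return KIND(&p); }

/* Returns the first byte of a caller-owned label after old_api ran on it. */
char callee_can_write(void)
{
    char label[] = "system_u:system_r:svirt_t:s0";  /* constructed sample */
    old_api(label);
    return label[0];
}

int main(void)
{
    printf("const ctx_t kind=%d, const char * kind=%d, label[0]=%c\n",
           kind_of_const_typedef(), kind_of_const_char_ptr(), callee_can_write());
    return 0;
}
```

A prototype written with the const-qualified typedef therefore gives the caller no guarantee that the context string is left unmodified, which is the guarantee 'const char *' does express.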