[libvirt] [PATCH 04/25] m4: virt-selinux: remove obsolete checks

Pavel Hrdina phrdina at redhat.com
Mon Oct 21 08:00:29 UTC 2019


All OSes that we support have libselinux >= 2.5 except for Ubuntu 16.04
where the version is 2.4.

Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
---
 m4/virt-selinux.m4              | 20 ++------------------
 src/qemu/qemu_domain.c          |  4 ++--
 src/security/security_selinux.c | 22 ++--------------------
 tests/securityselinuxhelper.c   | 19 +++++--------------
 4 files changed, 11 insertions(+), 54 deletions(-)

diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
index fe274fafe9..64e6980844 100644
--- a/m4/virt-selinux.m4
+++ b/m4/virt-selinux.m4
@@ -27,20 +27,8 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
                     [fgetfilecon_raw], [selinux/selinux.h])
 
   if test "$with_selinux" = "yes"; then
-    # libselinux changed signatures between 2.2 and 2.3
-    AC_CACHE_CHECK([for selinux setcon parameter type], [lv_cv_setcon_const],
-    [AC_COMPILE_IFELSE(
-      [AC_LANG_PROGRAM(
-         [[
-#include <selinux/selinux.h>
-int setcon(char *context);
-         ]])],
-         [lv_cv_setcon_const=''],
-         [lv_cv_setcon_const='const'])])
-    AC_DEFINE_UNQUOTED([VIR_SELINUX_CTX_CONST], [$lv_cv_setcon_const],
-      [Define to empty or 'const' depending on how SELinux qualifies its
-       security context parameters])
-    # ...and again for 2.5
+    # libselinux changed signatures for 2.5
+    # TODO: Drop once we don't support Ubuntu 16.04
     AC_CACHE_CHECK([for selinux selabel_open parameter type],
                    [lv_cv_selabel_open_const],
     [AC_COMPILE_IFELSE(
@@ -68,10 +56,6 @@ struct selabel_handle *selabel_open(unsigned, struct selinux_opt *, unsigned);
     fi
     AC_MSG_RESULT([$SELINUX_MOUNT])
     AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
-
-    dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
-    dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
-    AC_CHECK_HEADERS([selinux/label.h])
   fi
 ])
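Review bot: With `AC_CHECK_HEADERS([selinux/label.h])` removed here, nothing visible in this macro verifies that the header or `selabel_open` exist, yet the C sources in this patch now include `<selinux/label.h>` and call `selabel_open` unconditionally. The only probe in view is the one for `selinux/selinux.h` and `fgetfilecon_raw` at the top of the first hunk, so an older libselinux would pass configure and then fail during compilation. Consider keeping a hard requirement, for example `AC_CHECK_HEADER([selinux/label.h], [], [AC_MSG_ERROR([selinux/label.h is required for SELinux support])])`, or at least a `dnl` comment stating the minimum libselinux version the code now assumes. The macro body starts before the first hunk, so whether a version floor is enforced elsewhere cannot be seen from here.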
 
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a97bf65e7f..71478319a6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -13262,7 +13262,7 @@ qemuDomainCreateDeviceRecursive(const char *device,
     }
 
     if (tcon &&
-        lsetfilecon_raw(devicePath, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
+        lsetfilecon_raw(devicePath, (const char *)tcon) < 0) {
         VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
         if (errno != EOPNOTSUPP && errno != ENOTSUP) {
         VIR_WARNINGS_RESET
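Review bot: The replacement cast `(const char *)tcon` in the `lsetfilecon_raw()` call does no work and would be better dropped: `lsetfilecon_raw(devicePath, tcon) < 0`. The old cast existed only to carry the configure-dependent qualifier; a `char *` argument converts to `const char *` implicitly, whereas an explicit cast would silence the compiler if the variable's type ever became incompatible. The declaration of `tcon` is outside the hunk, so this assumes it is a `char *` or `security_context_t`. The same applies to `(const char *)data->tcon` in the `qemuDomainAttachDeviceMknodHelper` hunk and to the `setfilecon_raw()` call in `virSecuritySELinuxSetFileconImpl` in src/security/security_selinux.c.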
@@ -14061,7 +14061,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED,
 
 # ifdef WITH_SELINUX
     if (data->tcon &&
-        lsetfilecon_raw(data->file, (VIR_SELINUX_CTX_CONST char *)data->tcon) < 0) {
+        lsetfilecon_raw(data->file, (const char *)data->tcon) < 0) {
         VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
         if (errno != EOPNOTSUPP && errno != ENOTSUP) {
         VIR_WARNINGS_RESET
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 0812def922..386a8b84e6 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -23,9 +23,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-#if HAVE_SELINUX_LABEL_H
-# include <selinux/label.h>
-#endif
+#include <selinux/label.h>
 
 #include "security_driver.h"
 #include "security_selinux.h"
@@ -62,9 +60,7 @@ struct _virSecuritySELinuxData {
     char *content_context;
     virHashTablePtr mcs;
     bool skipAllLabel;
-#if HAVE_SELINUX_LABEL_H
     struct selabel_handle *label_handle;
-#endif
 };
 
 /* Data structure to pass to various callbacks so we have everything we need */
@@ -642,14 +638,12 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
 
     data->skipAllLabel = true;
 
-# if HAVE_SELINUX_LABEL_H
     data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
     if (!data->label_handle) {
         virReportSystemError(errno, "%s",
                              _("cannot open SELinux label_handle"));
         return -1;
     }
-# endif
 
     if (!(selinux_conf = virConfReadFile(selinux_lxc_contexts_path(), 0)))
         goto error;
@@ -690,10 +684,8 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
     return 0;
 
  error:
-# if HAVE_SELINUX_LABEL_H
     selabel_close(data->label_handle);
     data->label_handle = NULL;
-# endif
     VIR_FREE(data->domain_context);
     VIR_FREE(data->file_context);
     VIR_FREE(data->content_context);
@@ -719,14 +711,12 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
 
     data->skipAllLabel = false;
 
-#if HAVE_SELINUX_LABEL_H
     data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
     if (!data->label_handle) {
         virReportSystemError(errno, "%s",
                              _("cannot open SELinux label_handle"));
         return -1;
     }
-#endif
 
     if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) {
         virReportSystemError(errno,
@@ -777,10 +767,8 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
     return 0;
 
  error:
-#if HAVE_SELINUX_LABEL_H
     selabel_close(data->label_handle);
     data->label_handle = NULL;
-#endif
     VIR_FREE(data->domain_context);
     VIR_FREE(data->alt_domain_context);
     VIR_FREE(data->file_context);
@@ -1053,10 +1041,8 @@ virSecuritySELinuxDriverClose(virSecurityManagerPtr mgr)
     if (!data)
         return 0;
 
-#if HAVE_SELINUX_LABEL_H
     if (data->label_handle)
         selabel_close(data->label_handle);
-#endif
 
     virHashFree(data->mcs);
 
@@ -1279,7 +1265,7 @@ virSecuritySELinuxSetFileconImpl(const char *path,
 
     VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
 
-    if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
+    if (setfilecon_raw(path, (const char *)tcon) < 0) {
         int setfilecon_errno = errno;
 
         if (getfilecon_raw(path, &econ) >= 0) {
@@ -1465,13 +1451,9 @@ static int
 getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
            const char *newpath, mode_t mode, security_context_t *fcon)
 {
-#if HAVE_SELINUX_LABEL_H
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
 
     return selabel_lookup_raw(data->label_handle, fcon, newpath, mode);
-#else
-    return matchpathcon(newpath, mode, fcon);
-#endif
 }
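Review bot: `mgr` is still annotated `G_GNUC_UNUSED` in the `getContext()` signature, but with the `matchpathcon()` fallback removed the parameter is now read on every build via `virSecurityManagerGetPrivateData(mgr)`. The attribute is stale and should be dropped: `getContext(virSecurityManagerPtr mgr,`. Separately, `data->label_handle` is passed to `selabel_lookup_raw()` without a NULL check. The two initializers in this file return early when `selabel_open()` fails, so that appears safe, but a one-line comment stating the invariant would help the next reader.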
 
 
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index 6391f67360..3aeb47dea8 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -27,9 +27,7 @@
 # include <linux/magic.h>
 #endif
 #include <selinux/selinux.h>
-#if HAVE_SELINUX_LABEL_H
-# include <selinux/label.h>
-#endif
+#include <selinux/label.h>
 #include <sys/vfs.h>
 #include <unistd.h>
 #include <sys/xattr.h>
@@ -54,7 +52,6 @@ static const char *(*real_selinux_virtual_image_context_path)(void);
 static const char *(*real_selinux_lxc_contexts_path)(void);
 #endif
 
-#if HAVE_SELINUX_LABEL_H
 static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
                                                   VIR_SELINUX_OPEN_CONST
                                                   struct selinux_opt *opts,
@@ -64,7 +61,6 @@ static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
                                      security_context_t *con,
                                      const char *key,
                                      int type);
-#endif
 
 static void init_syms(void)
 {
@@ -82,11 +78,9 @@ static void init_syms(void)
     VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path);
 #endif
 
-#if HAVE_SELINUX_LABEL_H
     VIR_MOCK_REAL_INIT(selabel_open);
     VIR_MOCK_REAL_INIT(selabel_close);
     VIR_MOCK_REAL_INIT(selabel_lookup_raw);
-#endif
 }
 
 
@@ -143,7 +137,7 @@ int getpidcon(pid_t pid, security_context_t *context)
     return getpidcon_raw(pid, context);
 }
 
-int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
+int setcon_raw(const char *context)
 {
     if (!is_selinux_enabled()) {
         errno = EINVAL;
@@ -152,13 +146,13 @@ int setcon_raw(VIR_SELINUX_CTX_CONST char *context)
     return setenv("FAKE_SELINUX_CONTEXT", context, 1);
 }
 
-int setcon(VIR_SELINUX_CTX_CONST char *context)
+int setcon(const char *context)
 {
     return setcon_raw(context);
 }
 
 
-int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con)
+int setfilecon_raw(const char *path, const char *con)
 {
     const char *constr = con;
     if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
@@ -169,7 +163,7 @@ int setfilecon_raw(const char *path, VIR_SELINUX_CTX_CONST char *con)
                     constr, strlen(constr), 0);
 }
 
-int setfilecon(const char *path, VIR_SELINUX_CTX_CONST char *con)
+int setfilecon(const char *path, const char *con)
 {
     return setfilecon_raw(path, con);
 }
@@ -290,7 +284,6 @@ const char *selinux_lxc_contexts_path(void)
 }
 #endif
 
-#if HAVE_SELINUX_LABEL_H
 struct selabel_handle *
 selabel_open(unsigned int backend,
              VIR_SELINUX_OPEN_CONST struct selinux_opt *opts,
@@ -333,5 +326,3 @@ int selabel_lookup_raw(struct selabel_handle *handle,
     errno = ENOENT;
     return -1;
 }
-
-#endif
-- 
2.21.0



