[libvirt] [PATCH 04/25] m4: virt-selinux: remove obsolete checks

Daniel P. Berrangé berrange at redhat.com
Tue Oct 22 10:07:54 UTC 2019 

On Mon, Oct 21, 2019 at 02:51:32PM +0200, Ján Tomko wrote:
> On Mon, Oct 21, 2019 at 10:00:29AM +0200, Pavel Hrdina wrote:
> > All OSes that we support have libselinux >= 2.5 except for Ubuntu 16.04
> > where the version is 2.4.
> > 
> > Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
> > ---
> > m4/virt-selinux.m4              | 20 ++------------------
> > src/qemu/qemu_domain.c          |  4 ++--
> > src/security/security_selinux.c | 22 ++--------------------
> > tests/securityselinuxhelper.c   | 19 +++++--------------
> > 4 files changed, 11 insertions(+), 54 deletions(-)
> > 
> > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> > index a97bf65e7f..71478319a6 100644
> > --- a/src/qemu/qemu_domain.c
> > +++ b/src/qemu/qemu_domain.c
> > @@ -13262,7 +13262,7 @@ qemuDomainCreateDeviceRecursive(const char *device,
> >     }
> > 
> >     if (tcon &&
> > -        lsetfilecon_raw(devicePath, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
> > +        lsetfilecon_raw(devicePath, (const char *)tcon) < 0) {
> 
> I'm confused - why do we use a cast here in the first place?
> 
> The original failure was that the definition of our mocked versions of the APIs did not
> match the declaration in system selinux headers:
> https://www.redhat.com/archives/libvir-list/2014-May/msg00925.html
> 
> Passing char* to a function treating it as const char* is allowed and I don't
> see any benefit of explicitly casting it.

IIUC the situation is the reverse.

SELinux used to declare the parameter 'security_context_t' which lacks
'const'. So we would have been passing a 'const char*' to a 'char *'
and thus need to explicitly discard const - in this case
VIR_SELINUX_CTX_CONST would have expanded to no-op.

That said it is redundant in this situation as we either have

   const char * -> char * -> char *

or

   const char * -> const char * -> const char *

If we had left out the VIR_SELINUX_CTX_CONST, the second would have
been

   const char * -> char * -> const char *

which is still fine - just uncessarily discarding const


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list