[Reproducible-commits] [dpkg] 49/90: libcompat: Use string_to_security_class() instead of literal SECCLASS values
Jérémy Bobbio
lunar at moszumanska.debian.org
Sat Aug 29 18:26:15 UTC 2015
This is an automated email from the git hooks/post-receive script.
lunar pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit bba1ceccf591850c47dfc5ec9883c6af9dab34f7
Author: Guillem Jover <guillem at debian.org>
Date: Tue Jul 7 10:41:15 2015 +0200
libcompat: Use string_to_security_class() instead of literal SECCLASS values
The <selinux/flask.h> header is deprecated, and warns to use
string_to_security_class() instead of macro values.
---
debian/changelog | 3 +++
lib/compat/selinux.c | 8 ++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 420d947..b611fd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,9 @@ dpkg (1.18.2) UNRELEASED; urgency=low
* When sys_siglist is defined in the system, try to use NSIG as we cannot
compute the array size with sizeof(). If NSIG is missing fallback to 32
items. Prompted by Igor Pashev <pashev.igor at gmail.com>.
+ * Use string_to_security_class() instead of a literal SECCLASS value in
+ the setexecfilecon() libcompat function, as <selinux/flask.h> is now
+ deprecated.
* Perl modules:
- Remove non-functional timezone name support from
Dpkg::Changelog::Entry::Debian.
diff --git a/lib/compat/selinux.c b/lib/compat/selinux.c
index 0873175..7d3b33a 100644
--- a/lib/compat/selinux.c
+++ b/lib/compat/selinux.c
@@ -24,7 +24,6 @@
#include <stdlib.h>
#include <selinux/selinux.h>
-#include <selinux/flask.h>
#include <selinux/context.h>
#include "compat.h"
@@ -35,6 +34,7 @@ setexecfilecon(const char *filename, const char *fallback)
int rc;
security_context_t curcon = NULL, newcon = NULL, filecon = NULL;
+ security_class_t seclass;
context_t tmpcon = NULL;
if (is_selinux_enabled() < 1)
@@ -48,7 +48,11 @@ setexecfilecon(const char *filename, const char *fallback)
if (rc < 0)
goto out;
- rc = security_compute_create(curcon, filecon, SECCLASS_PROCESS, &newcon);
+ seclass = string_to_security_class("process");
+ if (seclass == 0)
+ goto out;
+
+ rc = security_compute_create(curcon, filecon, seclass, &newcon);
if (rc < 0)
goto out;
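Review bot: In the new "if (seclass == 0)" branch, rc is not assigned before "goto out", and the preceding "if (rc < 0) goto out;" check means rc is non-negative when this branch is reached. If the out: path (not visible in this hunk) returns rc, a failed lookup of the "process" class would be reported to the caller as success even though no new context was computed. Suggest setting rc = -1 before the jump, so this failure is handled the same way as a security_compute_create() error.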
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git