[Reproducible-commits] [dpkg] 49/90: libcompat: Use string_to_security_class() instead of literal SECCLASS values

Jérémy Bobbio lunar at moszumanska.debian.org
Sat Aug 29 18:26:15 UTC 2015


This is an automated email from the git hooks/post-receive script.

lunar pushed a commit to branch pu/reproducible_builds
in repository dpkg.

commit bba1ceccf591850c47dfc5ec9883c6af9dab34f7
Author: Guillem Jover <guillem at debian.org>
Date:   Tue Jul 7 10:41:15 2015 +0200

    libcompat: Use string_to_security_class() instead of literal SECCLASS values
    
    The <selinux/flask.h> header is deprecated, and warns to use
    string_to_security_class() instead of macro values.
---
 debian/changelog     | 3 +++
 lib/compat/selinux.c | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 420d947..b611fd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,9 @@ dpkg (1.18.2) UNRELEASED; urgency=low
   * When sys_siglist is defined in the system, try to use NSIG as we cannot
     compute the array size with sizeof(). If NSIG is missing fallback to 32
     items. Prompted by Igor Pashev <pashev.igor at gmail.com>.
+  * Use string_to_security_class() instead of a literal SECCLASS value in
+    the setexecfilecon() libcompat function, as <selinux/flask.h> is now
+    deprecated.
   * Perl modules:
     - Remove non-functional timezone name support from
       Dpkg::Changelog::Entry::Debian.
diff --git a/lib/compat/selinux.c b/lib/compat/selinux.c
index 0873175..7d3b33a 100644
--- a/lib/compat/selinux.c
+++ b/lib/compat/selinux.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 
 #include <selinux/selinux.h>
-#include <selinux/flask.h>
 #include <selinux/context.h>
 
 #include "compat.h"
@@ -35,6 +34,7 @@ setexecfilecon(const char *filename, const char *fallback)
 	int rc;
 
 	security_context_t curcon = NULL, newcon = NULL, filecon = NULL;
+	security_class_t seclass;
 	context_t tmpcon = NULL;
 
 	if (is_selinux_enabled() < 1)
@@ -48,7 +48,11 @@ setexecfilecon(const char *filename, const char *fallback)
 	if (rc < 0)
 		goto out;
 
-	rc = security_compute_create(curcon, filecon, SECCLASS_PROCESS, &newcon);
+	seclass = string_to_security_class("process");
+	if (seclass == 0)
+		goto out;
+
+	rc = security_compute_create(curcon, filecon, seclass, &newcon);
 	if (rc < 0)
 		goto out;
 
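Review bot: In the new `seclass == 0` branch of setexecfilecon(), `goto out` is taken while `rc` still holds the result of the preceding call, which has just passed the `if (rc < 0)` check, so a failed class lookup leaves with a non-negative `rc`. If the code at `out:` (not visible in this hunk) derives the return value from `rc`, the caller sees success although no new context was computed. Consider setting `rc = -1;` before the `goto out` so the lookup failure is reported like the other error paths, or add a comment if leaving silently is intended.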

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


