From patchwork Tue Jul 21 20:21:18 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Aurelien Jarno <aurelien@aurel32.net>
X-Patchwork-Id: 40140
Return-Path: <libc-alpha-bounces@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 0737A3857C6E;
	Tue, 21 Jul 2020 20:21:33 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1])
 by sourceware.org (Postfix) with ESMTPS id C7BB73857C6E
 for <libc-alpha@sourceware.org>; Tue, 21 Jul 2020 20:21:29 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org C7BB73857C6E
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=aurel32.net
Authentication-Results: sourceware.org;
 spf=none smtp.mailfrom=aurelien@aurel32.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aurel32.net
 ; s=202004.hall;
 h=Content-Transfer-Encoding:Content-Type:MIME-Version:
 Message-Id:Date:Subject:Cc:To:From:From:Reply-To:Subject:Content-ID:
 Content-Description:In-Reply-To:References:X-Debbugs-Cc;
 bh=F4QxTWDBoPE6QzZOqNnFDO2/c8xT++91adaP8EkzCAg=; b=ll2P9dun6yjCMzjveRF91Go62J
 GYnaeTeLQX3r5Y42M5uUgyAkTzU1e0UN4VY0nYMQ/rtRhshsVAHLgShdRF/B/UafycTI36QKHBZju
 H6cWNUM07IyiEiK8YfEWk3jMbbCNK//7H0nbPmvwUUKRmZAUHcy4zfWcPH9qlCDkGDCmd6p44NkXO
 Rzh2u/UEbC8tq/eP6xX0f+rAp6CYjtGSH8nKNrxpdSnfyVQvcucjtbZCS8Vp2ZBHIKCuvbkLhrEd8
 OMubOgRMoNfH6ny/Go6Ku+s+zAjBmaC4q7JQBPvGlgQUTDCBpIxU4/zs9aQ56y9ZTcHv/1xlhWEpO
 /CNAuAiQ==;
Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr)
 by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <aurelien@aurel32.net>)
 id 1jxylU-00067k-NS; Tue, 21 Jul 2020 22:21:28 +0200
Received: from aurel32 by ohm.rr44.fr with local (Exim 4.94)
 (envelope-from <aurelien@aurel32.net>)
 id 1jxylS-001G97-HZ; Tue, 21 Jul 2020 22:21:26 +0200
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-alpha@sourceware.org
Subject: [PATCH] Workaround deprecation warnings introduced in libselinux >=
 3.1
Date: Tue, 21 Jul 2020 22:21:18 +0200
Message-Id: <20200721202118.300350-1-aurelien@aurel32.net>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
X-Spam-Status: No, score=-10.3 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_NUMSUBJECT,
 SPF_HELO_PASS, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Errors-To: libc-alpha-bounces@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>

glibc doesn't build with libselinux 3.1 that has been released recently
due to new deprecations introduced in that version and the fact that
glibc is built with -Werror by default:

| makedb.c: In function ‘set_file_creation_context’:
| makedb.c:849:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
|   849 |   security_context_t ctx;
|       |   ^~~~~~~~~~~~~~~~~~
| makedb.c:863:3: error: ‘matchpathcon’ is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
|   863 |   if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
|       |   ^~
| In file included from makedb.c:50:
| /usr/include/selinux/selinux.h:500:12: note: declared here
|   500 | extern int matchpathcon(const char *path,
|       |            ^~~~~~~~~~~~
| cc1: all warnings being treated as errors

and

| selinux.c: In function ‘nscd_avc_init’:
| selinux.c:330:3: error: ‘avc_init’ is deprecated: Use avc_open and selinux_set_callback [-Werror=deprecated-declarations]
|   330 |   if (avc_init ("avc", NULL, &log_cb, &thread_cb, &lock_cb) < 0)
|       |   ^~
| In file included from selinux.c:31:
| /usr/include/selinux/avc.h:199:12: note: declared here
|   199 | extern int avc_init(const char *msgprefix,
|       |            ^~~~~~~~
| selinux.c: In function ‘nscd_request_avc_has_perm’:
| selinux.c:355:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
|   355 |   security_context_t scon = NULL;
|       |   ^~~~~~~~~~~~~~~~~~
| selinux.c:356:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
|   356 |   security_context_t tcon = NULL;
|       |   ^~~~~~~~~~~~~~~~~~
| selinux.c:419:5: error: ‘sidput’ is deprecated [-Werror=deprecated-declarations]
|   419 |     sidput (ssid);
|       |     ^~~~~~
| In file included from selinux.c:31:
| /usr/include/selinux/avc.h:83:12: note: declared here
|    83 | extern int sidput(security_id_t sid)
|       |            ^~~~~~
| selinux.c:421:5: error: ‘sidput’ is deprecated [-Werror=deprecated-declarations]
|   421 |     sidput (tsid);
|       |     ^~~~~~
| In file included from selinux.c:31:
| /usr/include/selinux/avc.h:83:12: note: declared here
|    83 | extern int sidput(security_id_t sid)
|       |            ^~~~~~
| cc1: all warnings being treated as errors

This patch workarounds the issue until the deprecated code is
rewritten. #pragma GCC diagnostic annotations are used to disable
-Wdeprecated-declarations warning in the problematic functions. This is
probably the safest option for stable releases to avoid introducing
regressions.
---
 nscd/selinux.c | 6 ++++++
 nss/makedb.c   | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/nscd/selinux.c b/nscd/selinux.c
index a4ea8008e20..0411e0f7fdf 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -322,6 +322,8 @@ avc_free_lock (void *lock)
 
 /* Initialize the user space access vector cache (AVC) for NSCD along with
    log/thread/lock callbacks.  */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 void
 nscd_avc_init (void)
 {
@@ -335,6 +337,7 @@ nscd_avc_init (void)
   audit_init ();
 #endif
 }
+#pragma GCC diagnostic pop
 
 
 /* Check the permission from the caller (via getpeercon) to nscd.
@@ -348,6 +351,8 @@ nscd_avc_init (void)
    use security_deny_unknown to determine what to do if selinux-policy* doesn't
    have a definition for the the permission or object class we are looking
    up.  */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 int
 nscd_request_avc_has_perm (int fd, request_type req)
 {
@@ -422,6 +427,7 @@ out:
 
   return rc;
 }
+#pragma GCC diagnostic pop
 
 
 /* Wrapper to get AVC statistics.  */
diff --git a/nss/makedb.c b/nss/makedb.c
index 8e389a16837..7a365894cec 100644
--- a/nss/makedb.c
+++ b/nss/makedb.c
@@ -841,6 +841,8 @@ print_database (int fd)
 
 
 #ifdef HAVE_SELINUX
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 static void
 set_file_creation_context (const char *outname, mode_t mode)
 {
@@ -870,6 +872,7 @@ set_file_creation_context (const char *outname, mode_t mode)
       freecon (ctx);
     }
 }
+#pragma GCC diagnostic pop
 
 static void
 reset_file_creation_context (void)