Disable warnings due to deprecated libselinux symbols used by nss and nscd

The SELinux API deprecated several symbols in its 3.1 release, including security_context_t, matchpathcon, avc_init, and sidput, which are used in makedb and nscd. While the usage of these should eventually be replaced by newer interfaces, this commit disables GCC warnings due to the use of the above symbols. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2024-11-08 14:20:07 +00:00 · 2020-07-23 12:20:38 +02:00 · 2020-07-23 12:20:38 +02:00 · 04726be814
commit 04726be814
parent ba0ec34c62
2 changed files with 24 additions and 0 deletions
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@ -33,6 +33,7 @@
 #ifdef HAVE_LIBAUDIT
 # include <libaudit.h>
 #endif
+#include <libc-diag.h>

 #include "dbg_log.h"
 #include "selinux.h"
@ -320,6 +321,12 @@ avc_free_lock (void *lock)
 }


+/* avc_init (along with several other symbols) was marked as deprecated by the
+   SELinux API starting from version 3.1.  We use it here, but should
+   eventually switch to the newer API.  */
+DIAG_PUSH_NEEDS_COMMENT
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
+
 /* Initialize the user space access vector cache (AVC) for NSCD along with
   log/thread/lock callbacks.  */
 void
@ -335,8 +342,15 @@ nscd_avc_init (void)
  audit_init ();
 #endif
 }
+DIAG_POP_NEEDS_COMMENT


+/* security_context_t and sidput (along with several other symbols) were marked
+   as deprecated by the SELinux API starting from version 3.1.  We use them
+   here, but should eventually switch to the newer API.  */
+DIAG_PUSH_NEEDS_COMMENT
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
+
 /* Check the permission from the caller (via getpeercon) to nscd.
   Returns 0 if access is allowed, 1 if denied, and -1 on error.

@ -422,6 +436,7 @@ out:

  return rc;
 }
+DIAG_POP_NEEDS_COMMENT


 /* Wrapper to get AVC statistics.  */
--- a/nss/makedb.c
+++ b/nss/makedb.c
@ -38,6 +38,7 @@
 #include <sys/stat.h>
 #include <sys/uio.h>
 #include "nss_db/nss_db.h"
+#include <libc-diag.h>

 /* Get libc version number.  */
 #include "../version.h"
@ -841,6 +842,13 @@ print_database (int fd)


 #ifdef HAVE_SELINUX
+
+/* security_context_t and matchpathcon (along with several other symbols) were
+   marked as deprecated by the SELinux API starting from version 3.1.  We use
+   them here, but should eventually switch to the newer API.  */
+DIAG_PUSH_NEEDS_COMMENT
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
+
 static void
 set_file_creation_context (const char *outname, mode_t mode)
 {
@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode)
      freecon (ctx);
    }
 }
+DIAG_POP_NEEDS_COMMENT

 static void
 reset_file_creation_context (void)