Disable warnings due to deprecated libselinux symbols used by nss and nscd

The SELinux API deprecated several symbols in its 3.1 release, including
security_context_t, matchpathcon, avc_init, and sidput, which are used in
makedb and nscd.  While the usage of these should eventually be replaced by
newer interfaces, this commit disables GCC warnings due to the use of the
above symbols.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Arjun Shankar 2020-07-23 12:20:38 +02:00
parent ba0ec34c62
commit 04726be814
2 changed files with 24 additions and 0 deletions


@ -33,6 +33,7 @@
#ifdef HAVE_LIBAUDIT
# include <libaudit.h>
#endif
#include <libc-diag.h>
#include "dbg_log.h"
#include "selinux.h"
@ -320,6 +321,12 @@ avc_free_lock (void *lock)
}
/* avc_init (along with several other symbols) was marked as deprecated by the
SELinux API starting from version 3.1. We use it here, but should
eventually switch to the newer API. */
DIAG_PUSH_NEEDS_COMMENT
DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
/* Initialize the user space access vector cache (AVC) for NSCD along with
log/thread/lock callbacks. */
void
@ -335,8 +342,15 @@ nscd_avc_init (void)
audit_init ();
#endif
}
DIAG_POP_NEEDS_COMMENT
/* security_context_t and sidput (along with several other symbols) were marked
as deprecated by the SELinux API starting from version 3.1. We use them
here, but should eventually switch to the newer API. */
DIAG_PUSH_NEEDS_COMMENT
DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
/* Check the permission from the caller (via getpeercon) to nscd.
Returns 0 if access is allowed, 1 if denied, and -1 on error.
@ -422,6 +436,7 @@ out:
return rc;
}
DIAG_POP_NEEDS_COMMENT
/* Wrapper to get AVC statistics. */
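Review bot: Both `DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations")` regions cover an entire function, nscd_avc_init and the getpeercon-based permission check, so any other declaration that becomes deprecated inside those bodies is silenced too, in the code that makes nscd's access decision. The new comments name only some of the symbols ("along with several other symbols"), which makes it hard to tell later when the push/pop can be dropped. Listing the exact calls per function would fix that, for example `/* Suppressed for: avc_init.  Remove this push/pop once it is replaced.  */`, filled in with the complete list. Both function bodies extend outside the visible hunks, so the full set of affected calls cannot be confirmed from here. The same whole-function scope applies to set_file_creation_context in the second file.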


@ -38,6 +38,7 @@
#include <sys/stat.h>
#include <sys/uio.h>
#include "nss_db/nss_db.h"
#include <libc-diag.h>
/* Get libc version number. */
#include "../version.h"
@ -841,6 +842,13 @@ print_database (int fd)
#ifdef HAVE_SELINUX
/* security_context_t and matchpathcon (along with several other symbols) were
marked as deprecated by the SELinux API starting from version 3.1. We use
them here, but should eventually switch to the newer API. */
DIAG_PUSH_NEEDS_COMMENT
DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
static void
set_file_creation_context (const char *outname, mode_t mode)
{
@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode)
freecon (ctx);
}
}
DIAG_POP_NEEDS_COMMENT
static void
reset_file_creation_context (void)
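Review bot: Of the two symbols the new comment names for set_file_creation_context, security_context_t needs no suppression: libselinux defines it as a plain typedef for `char *`, so declaring the variable as `char *ctx;` is compatible with releases before and after 3.1. That would leave matchpathcon as the only reason for the DIAG_PUSH/DIAG_POP pair, and the comment could say so. The declaration is outside the visible hunk, so the variable name is inferred from the `freecon (ctx)` line. Please also confirm that DIAG_POP_NEEDS_COMMENT sits inside the same `#ifdef HAVE_SELINUX` region as the push, since the matching `#endif` is not shown.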