[Bug nss/26233] New: matchpathcon and security_context_t are deprecated by libselinux API

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] New: matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

            Bug ID: 26233
           Summary: matchpathcon and security_context_t are deprecated by
                    libselinux API
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nss
          Assignee: unassigned at sourceware dot org
          Reporter: arjun.is at lostca dot se
  Target Milestone: ---

Found this while building master into a Fedora Rawhide package:

matchpathcon was deprecated:
https://github.com/SELinuxProject/selinux/commit/c7020954caea

security_context_t was removed from usage:
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563
then deprecated:
https://github.com/SELinuxProject/selinux/commit/7a124ca27581

These are used in nss and nscd and the uses now need to be replaced.

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

Arjun Shankar <arjun.is at lostca dot se> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org   |arjun.is at lostca dot se

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

jsegitz at suse dot de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsegitz at suse dot de

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
                 CC|                            |fweimer at redhat dot com

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

John Paul Adrian Glaubitz <glaubitz at physik dot fu-berlin.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |glaubitz at physik dot fu-berlin.d
                   |                            |e

--- Comment #1 from John Paul Adrian Glaubitz <glaubitz at physik dot fu-berlin.de> ---
This actually makes the build fail on m68k when building with -Werror:

makedb.c: In function 'set_file_creation_context':
makedb.c:849:3: error: 'security_context_t' is deprecated
[-Werror=deprecated-declarations]
  849 |   security_context_t ctx;
      |   ^~~~~~~~~~~~~~~~~~
makedb.c:863:3: error: 'matchpathcon' is deprecated: Use selabel_lookup instead
[-Werror=deprecated-declarations]
  863 |   if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
      |   ^~
In file included from makedb.c:50:
/usr/include/selinux/selinux.h:500:12: note: declared here
  500 | extern int matchpathcon(const char *path,
      |            ^~~~~~~~~~~~
cc1: all warnings being treated as errors

See:
https://buildd.debian.org/status/fetch.php?pkg=glibc&arch=m68k&ver=2.31-1&stamp=1595330718&raw=0

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

John Paul Adrian Glaubitz <glaubitz at physik dot fu-berlin.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aurelien at aurel32 dot net,
                   |                            |[hidden email]

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

Andreas Schwab <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|[hidden email]       |

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

--- Comment #2 from Arjun Shankar <arjun.is at lostca dot se> ---
> This actually makes the build fail on m68k when building with -Werror:

Right. It already failed when building glibc for Fedora rawhide as well. There
is one additional problem area: nscd/selinux.c also uses some deprecated
symbols.

As of now, it appears that for 2.32, we will end up disabling these via a
compiler pragma to disable the warning, and work on porting to newer API once
2.32 is released.

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug nss/26233] matchpathcon and security_context_t are deprecated by libselinux API

Sourceware - glibc-bugs mailing list
In reply to this post by Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26233

--- Comment #3 from Arjun Shankar <arjun.is at lostca dot se> ---
The warnings due to these deprecated symbols have been suppressed leading up to
2.32:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=04726be814c6

This doesn't fix the actual bug but will let us build glibc-2.32 with -Werror
on systems with libselinux >= 3.1.

We should port to the new API before 2.33. There should be some ideas in this
selinux development mailing list tread:
https://lore.kernel.org/selinux/39f23208-c9df-c16d-6513-49b3fd234fc7@.../T/#t

--
You are receiving this mail because:
You are on the CC list for the bug.