代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/glibc 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From: Aurelien Jarno <[email protected]>
Subject: [PATCH] makedb: fix build with libselinux >= 3.1
Date: Tue, 21 Jul 2020 07:01:16 +0200
Message-Id: <[email protected]>
URL: http://patchwork.sourceware.org/project/glibc/patch/[email protected]/
--------------------------------------------------------------------
glibc doesn't build with libselinux 3.1 that has been released recently
due to new deprecations introduced in that version and the fact that
glibc is built with -Werror by default:
| makedb.c: In function ‘set_file_creation_context’:
| makedb.c:849:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
| 849 | security_context_t ctx;
| | ^~~~~~~~~~~~~~~~~~
| makedb.c:863:3: error: ‘matchpathcon’ is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
| 863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
| | ^~
| In file included from makedb.c:50:
| /usr/include/selinux/selinux.h:500:12: note: declared here
| 500 | extern int matchpathcon(const char *path,
| | ^~~~~~~~~~~~
| cc1: all warnings being treated as errors
This patch is an attempt to fix that. It has only built tested, as I do
not have a system nor the knowledge to test that. I have checked that
the functions used as replacement are available since at least selinux
2.0.96, released more than 10 years ago, so we probably do not need any
version check in the configure script.
---
nss/makedb.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
I believe this patch is not acceptable for glibc 2.32, I guess we should
just add a #pragma to ignore -Werror=deprecated-declarations in that
file.
Note: there is the same issue in nscd/selinux.c. I plan to have a look
once we settle on a strategy.
diff --git a/nss/makedb.c b/nss/makedb.c
index 8e389a16837..a5c4b521172 100644
--- a/nss/makedb.c
+++ b/nss/makedb.c
@@ -47,6 +47,7 @@
/* SELinux support. */
#ifdef HAVE_SELINUX
+# include <selinux/label.h>
# include <selinux/selinux.h>
#endif
@@ -846,7 +847,8 @@ set_file_creation_context (const char *outname, mode_t mode)
{
static int enabled;
static int enforcing;
- security_context_t ctx;
+ struct selabel_handle *label_hnd = NULL;
+ char* ctx;
/* Check if SELinux is enabled, and remember. */
if (enabled == 0)
@@ -858,9 +860,16 @@ set_file_creation_context (const char *outname, mode_t mode)
if (enforcing == 0)
enforcing = security_getenforce () ? 1 : -1;
+ /* Open the file contexts backend. */
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (!label_hnd)
+ if (setfscreatecon (ctx) != 0)
+ error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
+ gettext ("cannot initialize SELinux context"));
+
/* Determine the context which the file should have. */
ctx = NULL;
- if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
+ if (selabel_lookup(label_hnd, &ctx, outname, S_IFREG | mode) == 0 && ctx != NULL)
{
if (setfscreatecon (ctx) != 0)
error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
@@ -868,7 +877,11 @@ set_file_creation_context (const char *outname, mode_t mode)
outname);
freecon (ctx);
+ selabel_close(label_hnd);
}
+
+ /* Close the file contexts backend. */
+ selabel_close(label_hnd);
}
static void
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手