1 files changed, 104 insertions, 0 deletions

diff --git a/Disable-warnings-due-to-deprecated-libselinux-symbol.patch b/Disable-warnings-due-to-deprecated-libselinux-symbol.patch
new file mode 100644
index 0000000..25e6d57
--- /dev/null
+++ b/Disable-warnings-due-to-deprecated-libselinux-symbol.patch
@@ -0,0 +1,104 @@
+From 04726be814c6fd6d9cf974e15d684dd3ac1a180e Mon Sep 17 00:00:00 2001
+From: Arjun Shankar <arjun@redhat.com>
+Date: Thu, 23 Jul 2020 12:20:38 +0200
+Subject: [PATCH] Disable warnings due to deprecated libselinux symbols used by
+ nss and nscd
+
+The SELinux API deprecated several symbols in its 3.1 release, including
+security_context_t, matchpathcon, avc_init, and sidput, which are used in
+makedb and nscd.  While the usage of these should eventually be replaced by
+newer interfaces, this commit disables GCC warnings due to the use of the
+above symbols.
+
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+Tested-by: Carlos O'Donell <carlos@redhat.com>
+---
+ nscd/selinux.c | 15 +++++++++++++++
+ nss/makedb.c   |  9 +++++++++
+ 2 files changed, 24 insertions(+)
+
+diff --git a/nscd/selinux.c b/nscd/selinux.c
+index a4ea8008e2..1ebf924826 100644
+--- a/nscd/selinux.c
++++ b/nscd/selinux.c
+@@ -33,6 +33,7 @@
+ #ifdef HAVE_LIBAUDIT
+ # include <libaudit.h>
+ #endif
++#include <libc-diag.h>
+ 
+ #include "dbg_log.h"
+ #include "selinux.h"
+@@ -320,6 +321,12 @@ avc_free_lock (void *lock)
+ }
+ 
+ 
++/* avc_init (along with several other symbols) was marked as deprecated by the
++   SELinux API starting from version 3.1.  We use it here, but should
++   eventually switch to the newer API.  */
++DIAG_PUSH_NEEDS_COMMENT
++DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
++
+ /* Initialize the user space access vector cache (AVC) for NSCD along with
+    log/thread/lock callbacks.  */
+ void
+@@ -335,7 +342,14 @@ nscd_avc_init (void)
+   audit_init ();
+ #endif
+ }
++DIAG_POP_NEEDS_COMMENT
++
+ 
++/* security_context_t and sidput (along with several other symbols) were marked
++   as deprecated by the SELinux API starting from version 3.1.  We use them
++   here, but should eventually switch to the newer API.  */
++DIAG_PUSH_NEEDS_COMMENT
++DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
+ 
+ /* Check the permission from the caller (via getpeercon) to nscd.
+    Returns 0 if access is allowed, 1 if denied, and -1 on error.
+@@ -422,6 +436,7 @@ out:
+ 
+   return rc;
+ }
++DIAG_POP_NEEDS_COMMENT
+ 
+ 
+ /* Wrapper to get AVC statistics.  */
+diff --git a/nss/makedb.c b/nss/makedb.c
+index 8e389a1683..8e1e8ec9ad 100644
+--- a/nss/makedb.c
++++ b/nss/makedb.c
+@@ -38,6 +38,7 @@
+ #include <sys/stat.h>
+ #include <sys/uio.h>
+ #include "nss_db/nss_db.h"
++#include <libc-diag.h>
+ 
+ /* Get libc version number.  */
+ #include "../version.h"
+@@ -841,6 +842,13 @@ print_database (int fd)
+ 
+ 
+ #ifdef HAVE_SELINUX
++
++/* security_context_t and matchpathcon (along with several other symbols) were
++   marked as deprecated by the SELinux API starting from version 3.1.  We use
++   them here, but should eventually switch to the newer API.  */
++DIAG_PUSH_NEEDS_COMMENT
++DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
++
+ static void
+ set_file_creation_context (const char *outname, mode_t mode)
+ {
+@@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode)
+       freecon (ctx);
+     }
+ }
++DIAG_POP_NEEDS_COMMENT
+ 
+ static void
+ reset_file_creation_context (void)
+-- 
+2.23.0
+