Re: security_context_t marked as deprecated in libselinux 3.1 - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: security_context_t marked as deprecated in libselinux 3.1
Date
Msg-id 20200813052241.GG11663@paquier.xyz
Whole thread Raw
In response to Re: security_context_t marked as deprecated in libselinux 3.1  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: security_context_t marked as deprecated in libselinux 3.1
Re: security_context_t marked as deprecated in libselinux 3.1
List pgsql-hackers
On Wed, Aug 12, 2020 at 10:50:21PM -0400, Tom Lane wrote:
> Ummm ... aren't you going to get some cast-away-const warnings now?
> Or are all of the called functions declared as taking "const char *"
> not just "char *"?

Let me see..  The function signatures we use have been visibly changed
in 9eb9c932, which comes down to a point between 2.2.2 and 2.3, and
there are two of them we care about, both use now "const char *":
- security_check_context_raw()
- security_compute_create_name_raw()
We claim in the docs that the minimum version of libselinux supported
is 2.1.10 (7a86fe1a from march 2012).

Then, the only buildfarm animal I know of testing selinux is
rhinoceros, that uses CentOS 7.1, and this visibly already bundles
libselinux 2.5 that was released in 2016 (2b69984), per the RPM list
here:
http://mirror.centos.org/centos/7/
Joe, what's the version of libselinux used in rhinoceros?  2.5?

Based on this information, what if we increased the minimum support to
2.3 then?  That's a release from 2014, and maintaining such legacy
code does not seem much worth the effort IMO.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Noah Misch
Date:
Subject: Re: run pgindent on a regular basis / scripted manner
Next
From: Jesse Zhang
Date:
Subject: Re: run pgindent on a regular basis / scripted manner