From: Petr Lautrbach <lautrbach@redhat.com>
To: Kalevi Kolttonen <kalevi@kolttonen.fi>,
selinux-list <selinux@vger.kernel.org>
Subject: Re: SELinux userspace does not build on Fedora 44
Date: Thu, 07 May 2026 11:33:49 +0200 [thread overview]
Message-ID: <878q9v8sxu.fsf@redhat.com> (raw)
In-Reply-To: <afvtC0DVQkt6rtAD@14-5A-FC-31-E8-67>
Kalevi Kolttonen <kalevi@kolttonen.fi> writes:
> Hello!
>
> I have problems compiling SELinux userspace on Fedora 44.
> I mean the main branch. The compiler is:
>
> gcc (GCC) 16.1.1 20260501 (Red Hat 16.1.1-1)
> Copyright (C) 2026 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
>
> The first error is:
>
> -------------------------------------------------------------------------------
> selinux_config.c: In function ‘selinux_set_policy_root’:
> selinux_config.c:284:29: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 284 | char *policy_type = strrchr(path, '/');
> | ^~~~~~~
> cc1: all warnings being treated as errors
> make[2]: *** [Makefile:179: selinux_config.o] Error 1
> -------------------------------------------------------------------------------
>
> It can be fixed by this:
>
> -------------------------------------------------------------------------------
> --- selinux/libselinux/src/selinux_config.c 2026-05-02 01:09:23.084896619 +0300
> +++ selinux-buildaus/libselinux/src/selinux_config.c 2026-05-07 03:52:10.344519900 +0300
> @@ -281,7 +281,7 @@
> int selinux_set_policy_root(const char *path)
> {
> int i;
> - char *policy_type = strrchr(path, '/');
> + const char *policy_type = strrchr(path, '/');
> if (!policy_type) {
> errno = EINVAL;
> return -1;
> -------------------------------------------------------------------------------
>
> The second error is:
>
> -------------------------------------------------------------------------------
> direct_api.c: In function ‘semanage_direct_install_file’:
> direct_api.c:1781:27: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 1781 | separator = strrchr(filename, '.');
> | ^
> direct_api.c:1791:19: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 1791 | separator = strrchr(filename, '.');
> | ^
> cc1: all warnings being treated as errors
> make[2]: *** [Makefile:114: direct_api.o] Error 1
> -------------------------------------------------------------------------------
>
> It can be fixed by this. Note: I did not add 'const' qualifier to
> 'separator' because the string is modified in the function.
>
> -------------------------------------------------------------------------------
> --- selinux/libsemanage/src/direct_api.c 2026-05-02 01:09:23.095896604 +0300
> +++ selinux-buildaus/libsemanage/src/direct_api.c 2026-05-07 04:01:26.969729078 +0300
> @@ -1755,7 +1755,7 @@
>
> int retval = -1;
> char *path = NULL;
> - const char *filename;
> + char *filename;
> const char *lang_ext = NULL;
> char *module_name = NULL;
> char *separator;
> -------------------------------------------------------------------------------
>
> The third error is:
>
> -------------------------------------------------------------------------------
> semanage_store.c: In function ‘semanage_exec_prog’:
> semanage_store.c:1307:16: error: variable ‘a’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
> 1307 | char **a;
> | ^
> semanage_store.c:1265:15: error: variable ‘new_s’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
> 1265 | char *new_s = realloc(s, len + 2);
> | ^~~~~
> semanage_store.c:1265:15: error: variable ‘new_s’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
> cc1: all warnings being treated as errors
> make[2]: *** [Makefile:114: semanage_store.o] Error 1
> -------------------------------------------------------------------------------
>
> I see a vfork() there I but am unable to determine whether this
> error is for real or not. As temporary work-around I added:
>
> -Wno-clobbered
>
> to the Makefile.
>
>
> -------------------------------------------------------------------------------
>
> The fourth error is:
>
> -------------------------------------------------------------------------------
>
> utilities.c: In function ‘semanage_str_replace’:
> utilities.c:248:16: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 248 | for (p = strstr(src, search); p != NULL; p = strstr(p + slen, search)) {
> | ^
> utilities.c:265:16: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 265 | for (p = strstr(src, search); p != NULL; p = strstr(psrc, search)) {
> | ^
> utilities.c:265:52: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 265 | for (p = strstr(src, search); p != NULL; p = strstr(psrc, search)) {
> | ^
> utilities.c: In function ‘semanage_basename’:
> utilities.c:358:19: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 358 | char *p = strrchr(filename, '/');
> | ^~~~~~~
>
> -------------------------------------------------------------------------------
>
> I did the following to fix:
>
> -------------------------------------------------------------------------------
> --- selinux/libsemanage/src/utilities.c 2026-05-02 01:09:23.099896599 +0300
> +++ selinux-buildaus/libsemanage/src/utilities.c 2026-05-07 04:24:08.992732849 +0300
> @@ -234,7 +234,8 @@
> const char *src, size_t lim)
> {
> size_t count = 0, slen, rlen, newsize;
> - char *p, *pres, *result;
> + const char *p;
> + char *pres, *result;
> const char *psrc;
>
> slen = strlen(search);
> @@ -353,8 +354,8 @@
> #ifdef __GNUC__
> __attribute__((nonnull))
> #endif
> -char *semanage_basename(const char *filename)
> +const char *semanage_basename(const char *filename)
> {
> - char *p = strrchr(filename, '/');
> - return p ? p + 1 : (char *)filename;
> + const char *p = strrchr(filename, '/');
> + return p ? p + 1 : filename;
> }
> -------------------------------------------------------------------------------
> --- selinux/libsemanage/src/utilities.h 2026-05-02 01:09:23.099896599 +0300
> +++ selinux-buildaus/libsemanage/src/utilities.h 2026-05-07 04:25:03.279160082 +0300
> @@ -167,6 +167,6 @@
> #ifdef __GNUC__
> __attribute__((nonnull))
> #endif
> -char *semanage_basename(const char *filename);
> +const char *semanage_basename(const char *filename);
>
> #endif
> -------------------------------------------------------------------------------
>
> The fifth error:
>
> -------------------------------------------------------------------------------
> secon.c: In function ‘my_getXcon_raw’:
> secon.c:365:29: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
> 365 | char *tmp = strchr(ptr, '\n');
> | ^~~~~~
> cc1: all warnings being treated as errors
> make[2]: *** [<builtin>: secon.o] Error 1
> -------------------------------------------------------------------------------
>
> Fix:
>
> -------------------------------------------------------------------------------
> --- selinux/policycoreutils/secon/secon.c 2026-05-02 01:09:23.152597184 +0300
> +++ selinux-buildaus/policycoreutils/secon/secon.c 2026-05-07 04:30:27.330279405 +0300
> @@ -348,7 +348,7 @@
> {
> char buf[4096];
> FILE *fp = NULL;
> - const char *ptr = NULL;
> + char *ptr = NULL;
>
> snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
> val);
> -------------------------------------------------------------------------------
>
> After these changes, the build completed, but I am not at all
> sure whether the fixes are correct.
>
Look at these patches and provide Tested-by if they work for you:
https://patchwork.kernel.org/project/selinux/list/?series=1086260
https://patchwork.kernel.org/project/selinux/patch/20260427123304.74899-1-lautrbach@redhat.com/
As a workaround you set build flags used in Fedora to avoid -Werror:
$ sudo dnf install redhat-rpm-config
$ source <( rpm --eval '%{set_build_flags}' )
$ make DESTDIR=/home/user/tmp/obj install install-rubywrap install-pywrap
Petr
next prev parent reply other threads:[~2026-05-07 9:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 1:38 SELinux userspace does not build on Fedora 44 Kalevi Kolttonen
2026-05-07 9:33 ` Petr Lautrbach [this message]
2026-05-07 9:54 ` Kalevi Kolttonen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878q9v8sxu.fsf@redhat.com \
--to=lautrbach@redhat.com \
--cc=kalevi@kolttonen.fi \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.