* [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with glibc 2.43
@ 2026-03-12 15:08 Dustin Kirkland
2026-04-27 12:32 ` Petr Lautrbach
0 siblings, 1 reply; 4+ messages in thread
From: Dustin Kirkland @ 2026-03-12 15:08 UTC (permalink / raw)
To: selinux
https://github.com/SELinuxProject/selinux/pull/507
In my_getXcon_raw(), ptr is declared as const char * but is
assigned from fgets(), which returns char *. With glibc 2.43,
strchr(const char *, int) now correctly returns const char *
(matching the constness of its input), so the subsequent assignment
to char *tmp triggers a build failure:
secon.c: In function 'my_getXcon_raw':
secon.c:365:18: error: initialization discards 'const' qualifier from
pointer target type [-Werror=discarded-qualifiers]
365 | char *tmp = strchr(ptr, '\n');
| ^~~~~~
This breaks builds on any system with glibc 2.43+ and gcc with
-Werror (which the SELinux Makefile uses).
Fix
The const on ptr was always incorrect:
fgets() returns char * (a mutable pointer into buf, which is
char[4096])
The result of strchr() through ptr is immediately used mutably:
*tmp = 0
Remove the erroneous const qualifier from ptr.
Relation to issue #506
This is the same class of bug reported in #506
(libselinux/src/selinux_config.c:284). That issue covers
strrchr() in selinux_set_policy_root(); this patch covers
strchr() in my_getXcon_raw() in policycoreutils/secon/secon.c.
Both instances have the same root cause: a local variable was
unnecessarily const-qualified, which glibc 2.43's strengthened
strchr/strrchr const-propagation now correctly rejects.
Testing
Verified by building policycoreutils version 3.10 against glibc 2.43
on a Wolfi-based system (Chainguard) where this was a build failure.
Signed-off-by: Dustin Kirkland dustin.kirkland@chainguard.dev
From fe074290a6eff8f12345350ea2938bb0e5e5bc5a Mon Sep 17 00:00:00 2001
From: Dustin Kirkland <dustin.kirkland@chainguard.dev>
Date: Thu, 12 Mar 2026 09:55:17 -0500
Subject: [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with
glibc 2.43
In my_getXcon_raw(), ptr is declared as const char * but is assigned
from fgets(), which returns char *. With glibc 2.43, strchr(const char
*, int) now returns const char *, so the subsequent assignment to
char *tmp triggers:
secon.c:365:18: error: initialization discards 'const' qualifier
from pointer target type [-Werror=discarded-qualifiers]
The const on ptr was always incorrect: fgets() returns a mutable
pointer into buf (a char[4096]), and the result of strchr() through
ptr is written to via *tmp = 0. Remove the erroneous const.
This is the same class of bug reported in issue #506
(libselinux/src/selinux_config.c:284). The fix here is analogous:
the variable should not have been const-qualified in the first place.
Signed-off-by: Dustin Kirkland <dustin.kirkland@chainguard.dev>
---
policycoreutils/secon/secon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
index d624fa136f..9a05cf1959 100644
--- a/policycoreutils/secon/secon.c
+++ b/policycoreutils/secon/secon.c
@@ -348,7 +348,7 @@ static int my_getXcon_raw(pid_t pid, char **con,
const char *val)
{
char buf[4096];
FILE *fp = NULL;
- const char *ptr = NULL;
+ char *ptr = NULL;
snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
val);
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with glibc 2.43
2026-03-12 15:08 [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with glibc 2.43 Dustin Kirkland
@ 2026-04-27 12:32 ` Petr Lautrbach
2026-04-27 12:47 ` Petr Lautrbach
0 siblings, 1 reply; 4+ messages in thread
From: Petr Lautrbach @ 2026-04-27 12:32 UTC (permalink / raw)
To: selinux; +Cc: Dustin Kirkland
From: Dustin Kirkland <dustin.kirkland@chainguard.dev>
In my_getXcon_raw(), ptr is declared as const char * but is assigned
from fgets(), which returns char *. With glibc 2.43, strchr(const char
*, int) now returns const char *, so the subsequent assignment to
char *tmp triggers:
secon.c:365:18: error: initialization discards 'const' qualifier
from pointer target type [-Werror=discarded-qualifiers]
The const on ptr was always incorrect: fgets() returns a mutable
pointer into buf (a char[4096]), and the result of strchr() through
ptr is written to via *tmp = 0. Remove the erroneous const.
This is the same class of bug reported in issue #506
(libselinux/src/selinux_config.c:284). The fix here is analogous:
the variable should not have been const-qualified in the first place.
Signed-off-by: Dustin Kirkland <dustin.kirkland@chainguard.dev>
---
Resent of the original patch downloaded from githu as the original patch in the
email was slightly broken.
policycoreutils/secon/secon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
index d624fa136f3e..9a05cf1959ba 100644
--- a/policycoreutils/secon/secon.c
+++ b/policycoreutils/secon/secon.c
@@ -348,7 +348,7 @@ static int my_getXcon_raw(pid_t pid, char **con, const char *val)
{
char buf[4096];
FILE *fp = NULL;
- const char *ptr = NULL;
+ char *ptr = NULL;
snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
val);
--
2.54.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with glibc 2.43
2026-04-27 12:32 ` Petr Lautrbach
@ 2026-04-27 12:47 ` Petr Lautrbach
2026-05-12 18:05 ` James Carter
0 siblings, 1 reply; 4+ messages in thread
From: Petr Lautrbach @ 2026-04-27 12:47 UTC (permalink / raw)
To: selinux; +Cc: Dustin Kirkland
Petr Lautrbach <lautrbach@redhat.com> writes:
> From: Dustin Kirkland <dustin.kirkland@chainguard.dev>
>
> In my_getXcon_raw(), ptr is declared as const char * but is assigned
> from fgets(), which returns char *. With glibc 2.43, strchr(const char
> *, int) now returns const char *, so the subsequent assignment to
> char *tmp triggers:
>
> secon.c:365:18: error: initialization discards 'const' qualifier
> from pointer target type [-Werror=discarded-qualifiers]
>
> The const on ptr was always incorrect: fgets() returns a mutable
> pointer into buf (a char[4096]), and the result of strchr() through
> ptr is written to via *tmp = 0. Remove the erroneous const.
>
> This is the same class of bug reported in issue #506
> (libselinux/src/selinux_config.c:284). The fix here is analogous:
> the variable should not have been const-qualified in the first place.
>
> Signed-off-by: Dustin Kirkland <dustin.kirkland@chainguard.dev>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
> ---
>
> Resent of the original patch downloaded from githu as the original patch in the
> email was slightly broken.
>
> policycoreutils/secon/secon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
> index d624fa136f3e..9a05cf1959ba 100644
> --- a/policycoreutils/secon/secon.c
> +++ b/policycoreutils/secon/secon.c
> @@ -348,7 +348,7 @@ static int my_getXcon_raw(pid_t pid, char **con, const char *val)
> {
> char buf[4096];
> FILE *fp = NULL;
> - const char *ptr = NULL;
> + char *ptr = NULL;
>
> snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
> val);
> --
> 2.54.0
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with glibc 2.43
2026-04-27 12:47 ` Petr Lautrbach
@ 2026-05-12 18:05 ` James Carter
0 siblings, 0 replies; 4+ messages in thread
From: James Carter @ 2026-05-12 18:05 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: selinux, Dustin Kirkland
On Mon, Apr 27, 2026 at 8:54 AM Petr Lautrbach <lautrbach@redhat.com> wrote:
>
> Petr Lautrbach <lautrbach@redhat.com> writes:
>
> > From: Dustin Kirkland <dustin.kirkland@chainguard.dev>
> >
> > In my_getXcon_raw(), ptr is declared as const char * but is assigned
> > from fgets(), which returns char *. With glibc 2.43, strchr(const char
> > *, int) now returns const char *, so the subsequent assignment to
> > char *tmp triggers:
> >
> > secon.c:365:18: error: initialization discards 'const' qualifier
> > from pointer target type [-Werror=discarded-qualifiers]
> >
> > The const on ptr was always incorrect: fgets() returns a mutable
> > pointer into buf (a char[4096]), and the result of strchr() through
> > ptr is written to via *tmp = 0. Remove the erroneous const.
> >
> > This is the same class of bug reported in issue #506
> > (libselinux/src/selinux_config.c:284). The fix here is analogous:
> > the variable should not have been const-qualified in the first place.
> >
> > Signed-off-by: Dustin Kirkland <dustin.kirkland@chainguard.dev>
>
> Acked-by: Petr Lautrbach <lautrbach@redhat.com>
>
Merged.
Thanks,
Jim
>
> > ---
> >
> > Resent of the original patch downloaded from githu as the original patch in the
> > email was slightly broken.
> >
> > policycoreutils/secon/secon.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
> > index d624fa136f3e..9a05cf1959ba 100644
> > --- a/policycoreutils/secon/secon.c
> > +++ b/policycoreutils/secon/secon.c
> > @@ -348,7 +348,7 @@ static int my_getXcon_raw(pid_t pid, char **con, const char *val)
> > {
> > char buf[4096];
> > FILE *fp = NULL;
> > - const char *ptr = NULL;
> > + char *ptr = NULL;
> >
> > snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
> > val);
> > --
> > 2.54.0
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-05-12 18:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-12 15:08 [PATCH] policycoreutils/secon: fix discarded-qualifiers warning with glibc 2.43 Dustin Kirkland
2026-04-27 12:32 ` Petr Lautrbach
2026-04-27 12:47 ` Petr Lautrbach
2026-05-12 18:05 ` James Carter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox