From 217f00e1ff962fff7e7babc619d29dfc30cb72f6 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Thu, 12 Dec 2024 19:44:25 +0100 Subject: [PATCH] libsemanage: Mute error messages from selinux_restorecon Content-type: text/plain Mute error messages produced by selinux_restorecon when rebuilding the policy store to avoid error messages in containers, image mode, etc. Fixes: #podman build --security-opt=label=disable --cap-add=all --device /dev/fuse -t quay.io/jlebon/fedora-bootc:tier-x . --build-arg MANIFEST=fedora-tier-x.yaml --from quay.io/fedora/fedora:rawhide ... Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas/lang_ext: Operation not supported Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas: Operation not supported Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/cil: Operation not supported Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/hll: Operation not supported ... https://bugzilla.redhat.com/show_bug.cgi?id=2326348 Signed-off-by: Vit Mojzis Acked-by: James Carter --- libsemanage/src/semanage_store.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index c26f5667b3cd..fc77e4817c4d 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c 
@@ -3026,15 +3026,29 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, return 0; } +/* log_callback muting all logs */ +static int __attribute__ ((format(printf, 2, 3))) +log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) const char *fmt, ...) +{ + return 0; +} + /* Make sure the file context and ownership of files in the policy * store does not change */ void semanage_setfiles(const char *path){ struct stat sb; int fd; + union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG); + union selinux_callback cb = { .func_log = log_callback_mute }; + + /* Mute all logs */ + selinux_set_callback(SELINUX_CB_LOG, cb); + /* Fix the user and role portions of the context, ignore errors * since this is not a critical operation */ selinux_restorecon(path, SELINUX_RESTORECON_SET_SPECFILE_CTX | SELINUX_RESTORECON_IGNORE_NOENTRY); - + /* restore log_logging */ + selinux_set_callback(SELINUX_CB_LOG, cb_orig); /* Make sure "path" is owned by root */ if ((geteuid() != 0 || getegid() != 0) && ((fd = open(path, O_RDONLY)) != -1)){ -- 2.48.1
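Review bot: In `semanage_setfiles`, replacing `SELINUX_CB_LOG` around `selinux_restorecon()` drops every libselinux message for that window, not only the "Operation not supported" lines quoted in the commit message, and because the call's return value is still discarded, a genuine relabel failure on the policy store now leaves no trace. Consider keeping the result and reporting anything other than the expected case once the original callback is back, e.g. `int rc = selinux_restorecon(path, ...); int err = errno;` and, after the restore, `if (rc < 0 && err != ENOTSUP && cb_orig.func_log) cb_orig.func_log(SELINUX_WARNING, "Could not relabel %s: %s\n", path, strerror(err));`. The log callback is also process-wide state in libselinux, so two threads in this function at once could save `log_callback_mute` as `cb_orig` and leave logging muted for the rest of the process. If single-threaded use is the intended contract, a comment above the function saying so would help. The function body continues past the end of the hunk.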