From 217f00e1ff962fff7e7babc619d29dfc30cb72f6 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Thu, 12 Dec 2024 19:44:25 +0100
Subject: [PATCH] libsemanage: Mute error messages from selinux_restorecon
Content-type: text/plain
Mute error messages produced by selinux_restorecon when rebuilding the
policy store to avoid error messages in containers, image mode, etc.
Fixes:
#podman build --security-opt=label=disable --cap-add=all --device /dev/fuse -t quay.io/jlebon/fedora-bootc:tier-x . --build-arg MANIFEST=fedora-tier-x.yaml --from quay.io/fedora/fedora:rawhide
...
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas/lang_ext: Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas: Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/cil: Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/hll: Operation not supported
...
https://bugzilla.redhat.com/show_bug.cgi?id=2326348
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsemanage/src/semanage_store.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index c26f5667b3cd..fc77e4817c4d 100644
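--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -3026,15 +3026,29 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
 return 0;
 }
 
+/* log_callback muting all logs */
+static int __attribute__ ((format(printf, 2, 3)))
+log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) const char *fmt, ...)
+{
+ return 0;
+}
+
 /* Make sure the file context and ownership of files in the policy
 * store does not change */
 void semanage_setfiles(const char *path){
 struct stat sb;
 int fd;
+ union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
+ union selinux_callback cb = { .func_log = log_callback_mute };
+
+ /* Mute all logs */
+ selinux_set_callback(SELINUX_CB_LOG, cb);
+
 /* Fix the user and role portions of the context, ignore errors
 * since this is not a critical operation */
 selinux_restorecon(path, SELINUX_RESTORECON_SET_SPECFILE_CTX | SELINUX_RESTORECON_IGNORE_NOENTRY);
-
+ /* restore log_logging */
+ selinux_set_callback(SELINUX_CB_LOG, cb_orig);
 /* Make sure "path" is owned by root */
 if ((geteuid() != 0 || getegid() != 0) &&
 ((fd = open(path, O_RDONLY)) != -1)){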
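Review bot: The mute callback installed around `selinux_restorecon()` in `semanage_setfiles()` drops every libselinux message, not only the `Operation not supported` lines quoted in the description, and the call's return value is still ignored, so a real relabel failure in the policy store on an ordinary host now leaves no trace. Consider keeping the return value and, after the original callback is restored, reporting anything other than the unsupported-filesystem case, e.g. `if (rc < 0 && errno != ENOTSUP)` followed by one warning (assuming errno still reflects the failure at that point). The SELINUX_CB_LOG callback also appears to be process-wide state in libselinux, so a caller logging from another thread would lose messages during this window, and a callback it installs meanwhile would be overwritten by the restore. A comment on `log_callback_mute` such as `/* not thread-safe: swaps the process-wide libselinux log callback */` would document that. The body of `semanage_setfiles()` continues past the end of the hunk.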
--
2.48.1