rpms/libsepol
6
0
Fork 0
Code Issues Pull Requests Releases Activity
1b0d1244a7
libsepol/0025-libsepol-cil-restore-error-on-context-rule-conflicts.patch
Petr Lautrbach 1b0d1244a7 libsepol-3.4-4 
Rebase on upstream f56a72ac9e86
2022-11-21 11:26:09 +01:00

52 lines
2.0 KiB
Diff
Raw Blame History

From 3f11c7d19c449996d7c34190d6aa74220b104779 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 12 Oct 2022 16:27:51 +0200
Subject: [PATCH] libsepol/cil: restore error on context rule conflicts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain
Commit bc26ddc59c8d ("libsepol/cil: Limit the amount of reporting for
context rule conflicts") reworked the processing of context rule
conflicts to limit the number of written conflicting statements to
increase readability of the printed error message. It forgot to set the
return value, signaling a context conflict, in the case the logging
level is higher than warning (e.g. in semodule(8), which defaults to
error).
Reported-by: Milos Malik <mmalik@redhat.com> [1]
Fixes: bc26ddc59c8d ("libsepol/cil: Limit the amount of reporting for context rule conflicts")
[1]: https://lore.kernel.org/selinux/87y1u1rkoo.fsf@redhat.com/
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_post.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index 6e95225f93f1..11e572e274aa 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -2290,6 +2290,7 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
} else {
removed++;
if (!db->multiple_decls || concompar(&sort->array[i], &sort->array[j]) != 0) {
+ rc = SEPOL_ERR;
conflicting++;
if (log_level >= CIL_WARN) {
struct cil_list_item li;
@@ -2297,7 +2298,6 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
li.flavor = flavor;
if (conflicting == 1) {
cil_log(CIL_WARN, "Found conflicting %s rules\n", flavor_str);
- rc = SEPOL_ERR;
li.data = sort->array[i];
rc2 = cil_tree_walk(db->ast->root, __cil_post_report_conflict,
NULL, NULL, &li);
--
2.38.1
Reference in New Issue View Git Blame Copy Permalink