From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001
|
|
Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com>
|
|
From: Panu Matilainen <pmatilai@redhat.com>
|
|
Date: Thu, 14 Feb 2019 13:12:49 +0200
|
|
Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux
|
|
plugin, doh.
|
|
|
|
When there's an actual error, people will want to know without having
|
|
to rerun in verbose mode. Such as in RhBug:1641631 where configured
|
|
selinux policy differs from what is installed - the former message
|
|
|
|
error: Plugin selinux: hook tsm_pre failed
|
|
|
|
...is not particularly helpful to anybody, whereas this actually provides
|
|
some clues now:
|
|
|
|
error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory
|
|
error: Plugin selinux: hook tsm_pre failed
|
|
---
|
|
plugins/selinux.c | 19 +++++++++----------
|
|
1 file changed, 9 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/plugins/selinux.c b/plugins/selinux.c
|
|
index accd47416..f1caf257c 100644
|
|
--- a/plugins/selinux.c
|
|
+++ b/plugins/selinux.c
|
|
@@ -12,6 +12,11 @@
|
|
|
|
static struct selabel_handle * sehandle = NULL;
|
|
|
|
+static inline rpmlogLvl loglvl(int iserror)
|
|
+{
|
|
+ return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
|
|
+}
|
|
+
|
|
static void sehandle_fini(int close_status)
|
|
{
|
|
if (sehandle) {
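Review bot: The new `loglvl()` helper has no comment explaining the level policy that every call site in this patch now depends on. A one-line header would do, for example `/* Failures are logged at RPMLOG_ERR so they show without -v; successes stay at RPMLOG_DEBUG. */`. The parameter is a plain `int` used as a flag, so each caller must pass a real failure test such as `xx < 0`, not a raw return code whose sign convention differs.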
|
|
@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status)
|
|
|
|
sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
|
|
|
|
- rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
|
|
+ rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
|
|
path, (sehandle == NULL ? strerror(errno) : ""));
|
|
|
|
return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
|
|
@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
|
|
if ((xx = setexeccon(newcon)) == 0)
|
|
rc = RPMRC_OK;
|
|
|
|
- if (rpmIsDebug()) {
|
|
- rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n",
|
|
+ rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
|
|
path, newcon, (xx < 0 ? strerror(errno) : ""));
|
|
- }
|
|
|
|
exit:
|
|
context_free(con);
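Review bot: A `setexeccon` failure is now always reported at RPMLOG_ERR, even when the function later ignores it. The context further down (`if (rc && security_getenforce() < 1)`, under the comment "If selinux is not enforcing, we don't care either") suggests the hook still succeeds in that case, though the body of that check is outside the visible lines. On a permissive system the user would then see an `error:` line for an operation that is treated as successful. If that is not intended, either make the enforcing decision before logging or use a lower level for the ignored case. The function begins outside this hunk.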
|
|
@@ -143,10 +146,8 @@ exit:
|
|
if ((xx = setexecfilecon(path, "rpm_script_t") == 0))
|
|
rc = RPMRC_OK;
|
|
|
|
- if (rpmIsDebug()) {
|
|
- rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n",
|
|
+ rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
|
|
path, (xx < 0 ? strerror(errno) : ""));
|
|
- }
|
|
#endif
|
|
/* If selinux is not enforcing, we don't care either */
|
|
if (rc && security_getenforce() < 1)
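Review bot: The new `loglvl(xx < 0)` in the `setexecfilecon` branch can never select RPMLOG_ERR. The context line above it has a misplaced parenthesis: `if ((xx = setexecfilecon(path, "rpm_script_t") == 0))` assigns the result of the comparison to `xx`, so `xx` is 1 or 0 and never negative. A failed transition therefore still logs at debug level with an empty error string, which is the situation this commit sets out to fix. Moving the parenthesis makes `xx` hold the return code: `if ((xx = setexecfilecon(path, "rpm_script_t")) == 0)`. The enclosing function starts before this hunk and continues after it.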
|
|
@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
|
if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
|
|
int conrc = lsetfilecon(path, scon);
|
|
|
|
- if (rpmIsDebug()) {
|
|
- rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
|
|
+ rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n",
|
|
path, scon, (conrc < 0 ? strerror(errno) : ""));
|
|
- }
|
|
|
|
if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
|
|
rc = RPMRC_OK;
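Review bot: `lsetfilecon` failing with EOPNOTSUPP is accepted as RPMRC_OK two lines further down, but `loglvl(conrc < 0)` now reports it at RPMLOG_ERR. On a filesystem without label support this would print an error for every file while the hook still succeeds. Separately, the `errno == EOPNOTSUPP` test now runs after an unconditional `rpmlog()` call, which may change `errno`; previously the call only happened in debug mode. Saving the value right after the call with `int err = errno;`, using `err` in both the message and the EOPNOTSUPP test, and logging with `loglvl(conrc < 0 && err != EOPNOTSUPP)` would address both. The rest of `selinux_fsm_file_prepare` is outside this hunk.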
|
|
--
|
|
2.20.1
|
|
|