michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 6 months ago
Clone

Blame SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch

83a7c7
From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001
83a7c7
Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com>
83a7c7
From: Panu Matilainen <pmatilai@redhat.com>
83a7c7
Date: Thu, 14 Feb 2019 13:12:49 +0200
83a7c7
Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux
83a7c7
 plugin, doh.
83a7c7
83a7c7
When there's an actual error, people will want to know without having
83a7c7
to rerun in verbose mode. Such as in RhBug:1641631 where configured
83a7c7
selinux policy differs from what is installed - the former message
83a7c7
83a7c7
    error: Plugin selinux: hook tsm_pre failed
83a7c7
83a7c7
...is not particularly helpful to anybody, whereas this actually provides
83a7c7
some clues now:
83a7c7
83a7c7
    error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory
83a7c7
    error: Plugin selinux: hook tsm_pre failed
83a7c7
---
83a7c7
 plugins/selinux.c | 19 +++++++++----------
83a7c7
 1 file changed, 9 insertions(+), 10 deletions(-)
83a7c7
83a7c7
diff --git a/plugins/selinux.c b/plugins/selinux.c
83a7c7
index accd47416..f1caf257c 100644
83a7c7
--- a/plugins/selinux.c
83a7c7
+++ b/plugins/selinux.c
83a7c7
@@ -12,6 +12,11 @@
83a7c7
 
83a7c7
 static struct selabel_handle * sehandle = NULL;
83a7c7
 
83a7c7
+static inline rpmlogLvl loglvl(int iserror)
83a7c7
+{
83a7c7
+    return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
83a7c7
+}
83a7c7
+
83a7c7
 static void sehandle_fini(int close_status)
83a7c7
 {
83a7c7
     if (sehandle) {
83a7c7
@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status)
83a7c7
 
83a7c7
     sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
83a7c7
 
83a7c7
-    rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
83a7c7
+    rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
83a7c7
 	   path, (sehandle == NULL ? strerror(errno) : ""));
83a7c7
 
83a7c7
     return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
83a7c7
@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
83a7c7
     if ((xx = setexeccon(newcon)) == 0)
83a7c7
 	rc = RPMRC_OK;
83a7c7
 
83a7c7
-    if (rpmIsDebug()) {
83a7c7
-	rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n",
83a7c7
+    rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
83a7c7
 	       path, newcon, (xx < 0 ? strerror(errno) : ""));
83a7c7
-    }
83a7c7
 
83a7c7
 exit:
83a7c7
     context_free(con);
83a7c7
@@ -143,10 +146,8 @@ exit:
83a7c7
     if ((xx = setexecfilecon(path, "rpm_script_t") == 0))
83a7c7
 	rc = RPMRC_OK;
83a7c7
 
83a7c7
-    if (rpmIsDebug()) {
83a7c7
-	rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n",
83a7c7
+    rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
83a7c7
 	       path, (xx < 0 ? strerror(errno) : ""));
83a7c7
-    }
83a7c7
 #endif
83a7c7
     /* If selinux is not enforcing, we don't care either */
83a7c7
     if (rc && security_getenforce() < 1)
83a7c7
@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
83a7c7
 	if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
83a7c7
 	    int conrc = lsetfilecon(path, scon);
83a7c7
 
83a7c7
-	    if (rpmIsDebug()) {
83a7c7
-		rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
83a7c7
+	    rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n",
83a7c7
 		       path, scon, (conrc < 0 ? strerror(errno) : ""));
83a7c7
-	    }
83a7c7
 
83a7c7
 	    if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
83a7c7
 		rc = RPMRC_OK;
83a7c7
-- 
83a7c7
2.20.1
83a7c7