richardphibel / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
0b2921
From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001
0b2921
Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com>
0b2921
From: Panu Matilainen <pmatilai@redhat.com>
0b2921
Date: Thu, 14 Feb 2019 13:12:49 +0200
0b2921
Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux
0b2921
 plugin, doh.
0b2921
0b2921
When there's an actual error, people will want to know without having
0b2921
to rerun in verbose mode. Such as in RhBug:1641631 where configured
0b2921
selinux policy differs from what is installed - the former message
0b2921
0b2921
    error: Plugin selinux: hook tsm_pre failed
0b2921
0b2921
...is not particularly helpful to anybody, whereas this actually provides
0b2921
some clues now:
0b2921
0b2921
    error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory
0b2921
    error: Plugin selinux: hook tsm_pre failed
0b2921
---
0b2921
 plugins/selinux.c | 19 +++++++++----------
0b2921
 1 file changed, 9 insertions(+), 10 deletions(-)
0b2921
0b2921
diff --git a/plugins/selinux.c b/plugins/selinux.c
0b2921
index accd47416..f1caf257c 100644
0b2921
--- a/plugins/selinux.c
0b2921
+++ b/plugins/selinux.c
0b2921
@@ -12,6 +12,11 @@
0b2921
 
0b2921
 static struct selabel_handle * sehandle = NULL;
0b2921
 
0b2921
+static inline rpmlogLvl loglvl(int iserror)
0b2921
+{
0b2921
+    return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
0b2921
+}
0b2921
+
0b2921
 static void sehandle_fini(int close_status)
0b2921
 {
0b2921
     if (sehandle) {
0b2921
@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status)
0b2921
 
0b2921
     sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
0b2921
 
0b2921
-    rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
0b2921
+    rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
0b2921
 	   path, (sehandle == NULL ? strerror(errno) : ""));
0b2921
 
0b2921
     return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
0b2921
@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
0b2921
     if ((xx = setexeccon(newcon)) == 0)
0b2921
 	rc = RPMRC_OK;
0b2921
 
0b2921
-    if (rpmIsDebug()) {
0b2921
-	rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n",
0b2921
+    rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
0b2921
 	       path, newcon, (xx < 0 ? strerror(errno) : ""));
0b2921
-    }
0b2921
 
0b2921
 exit:
0b2921
     context_free(con);
0b2921
@@ -143,10 +146,8 @@ exit:
0b2921
     if ((xx = setexecfilecon(path, "rpm_script_t") == 0))
0b2921
 	rc = RPMRC_OK;
0b2921
 
0b2921
-    if (rpmIsDebug()) {
0b2921
-	rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n",
0b2921
+    rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
0b2921
 	       path, (xx < 0 ? strerror(errno) : ""));
0b2921
-    }
0b2921
 #endif
0b2921
     /* If selinux is not enforcing, we don't care either */
0b2921
     if (rc && security_getenforce() < 1)
0b2921
@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
0b2921
 	if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
0b2921
 	    int conrc = lsetfilecon(path, scon);
0b2921
 
0b2921
-	    if (rpmIsDebug()) {
0b2921
-		rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
0b2921
+	    rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n",
0b2921
 		       path, scon, (conrc < 0 ? strerror(errno) : ""));
0b2921
-	    }
0b2921
 
0b2921
 	    if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
0b2921
 		rc = RPMRC_OK;
0b2921
-- 
0b2921
2.20.1
0b2921