diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2022-09-22 11:54:47 +0300 |
|---|---|---|
| committer | Michal Domonkos <mdomonko@redhat.com> | 2023-03-13 15:32:25 +0100 |
| commit | ef1e889d0d83410878aaaea88ae9b8910064b836 (patch) | |
| tree | f53b3f49282c3797330315b45c97d3fa8e182e67 | |
| parent | 9841eed905b9433dc5d89583d34e4590842aa582 (diff) | |
| download | rpm-ef1e889d0d83410878aaaea88ae9b8910064b836.tar.gz | |
Add a handler for libselinux log messages (RhBug:2123719, RhBug:2050774)
libselinux logs to stderr by default, which up to now has been just fine
with us. However somewhere around libselinux 3.2 it begun issuing
log messages for events discovered in selinux_status_updated().
We only call that to see whether the status *was* updated behind our
back and are not interested in these audit-style messages for our
functionality, but to suppress them while preserving actually relevant
errors and warnings, we need to have a log callback of our own. Might as
well forward them to rpmlog then.
SELINUX_ERROR and SELINUX_WARNING are pretty obvious, of SELINUX_AVC
selinux_set_callback(3) says it should be treated as SELINUX_ERROR if
not audited. The rest we suppress to debug messages, they may be handy
for diagnostics some day.
Note that this intentionally avoids explicit SELINUX_POLICYLOAD and
SELINUX_SETENFORCE cases in the switch: we don't want to introduce
libselinux >= 3.2 dependency just because of this silly thing.
(cherry picked from commit 96888e99c5103d9dea5230c917b946732de2d302)
| -rw-r--r-- | plugins/selinux.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/plugins/selinux.c b/plugins/selinux.c index 316ff88ea..d8c5bf9ec 100644 --- a/plugins/selinux.c +++ b/plugins/selinux.c @@ -18,6 +18,35 @@ static inline rpmlogLvl loglvl(int iserror) return iserror ? RPMLOG_ERR : RPMLOG_DEBUG; } +static int logcb(int type, const char *fmt, ...) +{ + char *buf = NULL; + va_list ap; + int lvl; + + switch (type) { + case SELINUX_ERROR: + case SELINUX_AVC: + lvl = RPMLOG_ERR; + break; + case SELINUX_WARNING: + lvl = RPMLOG_WARNING; + break; + default: + lvl = RPMLOG_DEBUG; + break; + } + + va_start(ap, fmt); + rvasprintf(&buf, fmt, ap); + va_end(ap); + + rpmlog(lvl, "libselinux: type %d: %s", type, buf); + free(buf); + + return 0; +} + static void sehandle_fini(int close_status) { if (sehandle) { @@ -44,6 +73,7 @@ static rpmRC sehandle_init(int open_status) if (selinux_status_open(0) < 0) { return RPMRC_FAIL; } + selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &logcb); } else if (!selinux_status_updated() && sehandle) { return RPMRC_OK; } |