| Message ID | 20240315172436.631262-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 6e2f7033406a |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | libselinux: avoid logs in get_ordered_context_list() without policy | expand |
On Fri, Mar 15, 2024 at 1:31 PM Christian Göttsche <cgzones@googlemail.com> wrote: > > If no policy has been loaded yet and thus the current context is still > "kernel" avoid logging failures in get_ordered_context_list(), like: > > get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/users/root > get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/default_contexts > > Since get_context_user() needs a valid context, because it tries to split > it into its parts, jump right to the failsafe. Needs a sign-off. Thanks, Jim > --- > libselinux/src/get_context_list.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c > index 7e23be05..ec3775a8 100644 > --- a/libselinux/src/get_context_list.c > +++ b/libselinux/src/get_context_list.c > @@ -427,6 +427,12 @@ int get_ordered_context_list(const char *user, > fromcon = backup_fromcon; > } > > + if (strcmp(fromcon, "kernel") == 0) > + /* get_context_user() needs a valid context, avoid > + * unnecessary log messages if no policy has been loaded > + * yet. */ > + goto failsafe; > + > /* Determine the ordering to apply from the optional per-user config > and from the global config. */ > fname_len = strlen(user_contexts_path) + strlen(user) + 2; > -- > 2.43.0 > >
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c index 7e23be05..ec3775a8 100644 --- a/libselinux/src/get_context_list.c +++ b/libselinux/src/get_context_list.c @@ -427,6 +427,12 @@ int get_ordered_context_list(const char *user, fromcon = backup_fromcon; } + if (strcmp(fromcon, "kernel") == 0) + /* get_context_user() needs a valid context, avoid + * unnecessary log messages if no policy has been loaded + * yet. */ + goto failsafe; + /* Determine the ordering to apply from the optional per-user config and from the global config. */ fname_len = strlen(user_contexts_path) + strlen(user) + 2;
If no policy has been loaded yet and thus the current context is still "kernel" avoid logging failures in get_ordered_context_list(), like: get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/users/root get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/default_contexts Since get_context_user() needs a valid context, because it tries to split it into its parts, jump right to the failsafe. --- libselinux/src/get_context_list.c | 6 ++++++ 1 file changed, 6 insertions(+)