if (virFileReadAll(APPARMOR_PROFILES_PATH, MAX_FILE_LEN, &content) < 0) {
virReportSystemError(errno,
- _("Failed to read AppArmor profiles list "
- "\'%s\'"), APPARMOR_PROFILES_PATH);
+ _("Failed to read AppArmor profiles list \'%1$s\'"),
+ APPARMOR_PROFILES_PATH);
return -2;
}
if ((len = virFileReadAll(profile, MAX_FILE_LEN, &content)) < 0) {
virReportSystemError(errno,
- _("Failed to read \'%s\'"), profile);
+ _("Failed to read \'%1$s\'"), profile);
goto failed;
}
if (profile_loaded(secdef->imagelabel) >= 0) {
if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot update AppArmor profile "
- "\'%s\'"),
+ _("cannot update AppArmor profile \'%1$s\'"),
secdef->imagelabel);
return -1;
}
if (!virFileExists(template_qemu)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("template \'%s\' does not exist"), template_qemu);
+ _("template \'%1$s\' does not exist"), template_qemu);
return SECURITY_DRIVER_DISABLE;
}
if (!virFileExists(template_lxc)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("template \'%s\' does not exist"), template_lxc);
+ _("template \'%1$s\' does not exist"), template_lxc);
return SECURITY_DRIVER_DISABLE;
}
/* Now that we have a label, load the profile into the kernel. */
if (load_profile(mgr, secdef->label, def, NULL, false) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot load AppArmor profile "
- "\'%s\'"), secdef->label);
+ _("cannot load AppArmor profile \'%1$s\'"),
+ secdef->label);
goto err;
}
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if ((rc = remove_profile(secdef->label)) != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("could not remove profile for \'%s\'"),
+ _("could not remove profile for \'%1$s\'"),
secdef->label);
}
}
if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "\'%s\' model configured for domain, but "
- "hypervisor driver is \'%s\'."),
+ _("security label driver mismatch: \'%1$s\' model configured for domain, but hypervisor driver is \'%2$s\'."),
secdef->model, SECURITY_APPARMOR_NAME);
if (use_apparmor() > 0)
return -1;
if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "\'%s\' model configured for domain, but "
- "hypervisor driver is \'%s\'."),
+ _("security label driver mismatch: \'%1$s\' model configured for domain, but hypervisor driver is \'%2$s\'."),
secdef->model, SECURITY_APPARMOR_NAME);
if (use_apparmor() > 0)
return -1;
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
if (!virFileExists(mem->nvdimmPath)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("%s: \'%s\' does not exist"),
+ _("%1$s: \'%2$s\' does not exist"),
__func__, mem->nvdimmPath);
return -1;
}
case VIR_DOMAIN_INPUT_TYPE_EVDEV:
if (input->source.evdev == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("%s: passthrough input device has no source"),
+ _("%1$s: passthrough input device has no source"),
__func__);
return -1;
}
if (!virFileExists(input->source.evdev)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("%s: \'%s\' does not exist"),
+ _("%1$s: \'%2$s\' does not exist"),
__func__, input->source.evdev);
return -1;
}
/* if the device doesn't exist, error out */
if (!virFileExists(path)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("\'%s\' does not exist"),
+ _("\'%1$s\' does not exist"),
path);
return -1;
}
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
virReportError(VIR_ERR_XML_ERROR,
- _("Invalid security label \'%s\'"),
+ _("Invalid security label \'%1$s\'"),
secdef->label);
return -1;
}
if (catRange < 8) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Category range c%d-c%d too small"),
+ _("Category range c%1$d-c%2$d too small"),
catMin, catMax);
return NULL;
}
}
if (!(ourContext = context_new(ourSecContext))) {
virReportSystemError(errno,
- _("Unable to parse current SELinux context '%s'"),
+ _("Unable to parse current SELinux context '%1$s'"),
ourSecContext);
goto cleanup;
}
tmp = cat;
if (tmp[0] != 'c') {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Cannot parse category in %s"),
+ _("Cannot parse category in %1$s"),
cat);
goto cleanup;
}
tmp++;
if (virStrToLong_i(tmp, &tmp, 10, catMin) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Cannot parse category in %s"),
+ _("Cannot parse category in %1$s"),
cat);
goto cleanup;
}
/* Find & extract category max (if any) */
if (tmp[0] != '.') {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Cannot parse category in %s"),
+ _("Cannot parse category in %1$s"),
cat);
goto cleanup;
}
tmp++;
if (tmp[0] != 'c') {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Cannot parse category in %s"),
+ _("Cannot parse category in %1$s"),
cat);
goto cleanup;
}
tmp++;
if (virStrToLong_i(tmp, &tmp, 10, catMax) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Cannot parse category in %s"),
+ _("Cannot parse category in %1$s"),
cat);
goto cleanup;
}
if (context_range_set(dstcon, context_range_get(srccon)) == -1) {
virReportSystemError(errno,
- _("unable to set security context range '%s'"), dst);
+ _("unable to set security context range '%1$s'"), dst);
goto cleanup;
}
}
if (getfilecon(binaryPath, &binaryCon) < 0) {
- virReportSystemError(errno, _("unable to get SELinux context for '%s'"),
+ virReportSystemError(errno, _("unable to get SELinux context for '%1$s'"),
binaryPath);
return NULL;
}
string_to_security_class("process"),
&naturalLabel) < 0) {
virReportSystemError(errno,
- _("unable create new SELinux label based on label '%s' and file '%s'"),
+ _("unable create new SELinux label based on label '%1$s' and file '%2$s'"),
origLabel, binaryPath);
return NULL;
}
}
if (!(ourContext = context_new(ourSecContext))) {
virReportSystemError(errno,
- _("Unable to parse current SELinux context '%s'"),
+ _("Unable to parse current SELinux context '%1$s'"),
ourSecContext);
goto cleanup;
}
if (!(context = context_new(basecontext))) {
virReportSystemError(errno,
- _("Unable to parse base SELinux context '%s'"),
+ _("Unable to parse base SELinux context '%1$s'"),
basecontext);
goto cleanup;
}
if (context_user_set(context,
context_user_get(ourContext)) != 0) {
virReportSystemError(errno,
- _("Unable to set SELinux context user '%s'"),
+ _("Unable to set SELinux context user '%1$s'"),
context_user_get(ourContext));
goto cleanup;
}
context_role_set(context,
context_role_get(ourContext)) != 0) {
virReportSystemError(errno,
- _("Unable to set SELinux context role '%s'"),
+ _("Unable to set SELinux context role '%1$s'"),
context_role_get(ourContext));
goto cleanup;
}
if (context_range_set(context, mcs) != 0) {
virReportSystemError(errno,
- _("Unable to set SELinux context MCS '%s'"),
+ _("Unable to set SELinux context MCS '%1$s'"),
mcs);
goto cleanup;
}
if (!data->domain_context) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("missing 'process' value in selinux lxc contexts file '%s'"),
+ _("missing 'process' value in selinux lxc contexts file '%1$s'"),
selinux_lxc_contexts_path());
goto error;
}
if (!data->file_context) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("missing 'file' value in selinux lxc contexts file '%s'"),
+ _("missing 'file' value in selinux lxc contexts file '%1$s'"),
selinux_lxc_contexts_path());
goto error;
}
if (!data->content_context) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("missing 'content' value in selinux lxc contexts file '%s'"),
+ _("missing 'content' value in selinux lxc contexts file '%1$s'"),
selinux_lxc_contexts_path());
goto error;
}
if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) {
virReportSystemError(errno,
- _("cannot read SELinux virtual domain context file '%s'"),
+ _("cannot read SELinux virtual domain context file '%1$s'"),
selinux_virtual_domain_context_path());
goto error;
}
if (virFileReadAll(selinux_virtual_image_context_path(), 2*MAX_CONTEXT, &(data->file_context)) < 0) {
virReportSystemError(errno,
- _("cannot read SELinux virtual image context file %s"),
+ _("cannot read SELinux virtual image context file %1$s"),
selinux_virtual_image_context_path());
goto error;
}
if (seclabel->model &&
STRNEQ(seclabel->model, SECURITY_SELINUX_NAME)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label model %s is not supported with selinux"),
+ _("security label model %1$s is not supported with selinux"),
seclabel->model);
return rc;
}
case VIR_DOMAIN_SECLABEL_STATIC:
if (!(ctx = context_new(seclabel->label))) {
virReportSystemError(errno,
- _("unable to allocate socket security context '%s'"),
+ _("unable to allocate socket security context '%1$s'"),
seclabel->label);
return rc;
}
case VIR_DOMAIN_SECLABEL_LAST:
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("unexpected security label type '%s'"),
+ _("unexpected security label type '%1$s'"),
virDomainSeclabelTypeToString(seclabel->type));
goto cleanup;
}
if (getpidcon_raw(pid, &pctx) == -1) {
virReportSystemError(errno,
- _("unable to get PID %d security context"), pid);
+ _("unable to get PID %1$d security context"), pid);
return -1;
}
if (rv == 1) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("MCS level for existing domain label %s already reserved"),
+ _("MCS level for existing domain label %1$s already reserved"),
(char*)pctx);
goto error;
}
if (getpidcon_raw(pid, &ctx) == -1) {
virReportSystemError(errno,
- _("unable to get PID %d security context"),
+ _("unable to get PID %1$d security context"),
pid);
return -1;
}
if (virStrcpy(sec->label, ctx, VIR_SECURITY_LABEL_BUFLEN) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label exceeds "
- "maximum length: %d"),
+ _("security label exceeds maximum length: %1$d"),
VIR_SECURITY_LABEL_BUFLEN - 1);
freecon(ctx);
return -1;
const char *msg;
if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 1 &&
security_get_boolean_active("virt_use_nfs") != 1) {
- msg = _("Setting security context '%s' on '%s' not supported. "
- "Consider setting virt_use_nfs");
+ msg = _("Setting security context '%1$s' on '%2$s' not supported. Consider setting virt_use_nfs");
if (security_getenforce() == 1)
VIR_WARN(msg, tcon, path);
else
(security_getenforce() == 1 &&
(setfilecon_errno != EPERM || privileged))) {
virReportSystemError(setfilecon_errno,
- _("unable to set security context '%s' on '%s'"),
+ _("unable to set security context '%1$s' on '%2$s'"),
tcon, path);
return -1;
}
if (getfilecon_raw(path, &econ) < 0 &&
errno != ENOTSUP && errno != ENODATA) {
virReportSystemError(errno,
- _("unable to get SELinux context of %s"),
+ _("unable to get SELinux context of %1$s"),
path);
goto cleanup;
}
* incremented in XATTRs so decrease it. */
if (STRNEQ(econ, tcon)) {
virReportError(VIR_ERR_OPERATION_INVALID,
- _("Setting different SELinux label on %s "
- "which is already in use"), path);
+ _("Setting different SELinux label on %1$s which is already in use"),
+ path);
goto cleanup;
}
}
*/
if (fsetfilecon_errno != EOPNOTSUPP) {
virReportSystemError(fsetfilecon_errno,
- _("unable to set security context '%s' on fd %d"),
+ _("unable to set security context '%1$s' on fd %2$d"),
tcon, fd);
if (security_getenforce() == 1)
return -1;
if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
+ _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."),
secdef->model, SECURITY_SELINUX_NAME);
return -1;
}
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (security_check_context(secdef->label) != 0) {
virReportError(VIR_ERR_XML_ERROR,
- _("Invalid security label %s"), secdef->label);
+ _("Invalid security label %1$s"), secdef->label);
return -1;
}
}
VIR_DEBUG("label=%s", secdef->label);
if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
+ _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."),
secdef->model, SECURITY_SELINUX_NAME);
if (security_getenforce() == 1)
return -1;
if (setexeccon_raw(secdef->label) == -1) {
virReportSystemError(errno,
- _("unable to set security context '%s'"),
+ _("unable to set security context '%1$s'"),
secdef->label);
if (security_getenforce() == 1)
return -1;
VIR_DEBUG("label=%s", secdef->label);
if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
+ _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."),
secdef->model, SECURITY_SELINUX_NAME);
if (security_getenforce() == 1)
return -1;
if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
+ _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."),
secdef->model, SECURITY_SELINUX_NAME);
goto done;
}
if (getcon_raw(&scon) == -1) {
virReportSystemError(errno,
- _("unable to get current process context '%s'"),
+ _("unable to get current process context '%1$s'"),
secdef->label);
goto done;
}
VIR_DEBUG("Setting VM %s socket context %s", def->name, str);
if (setsockcreatecon_raw(str) == -1) {
virReportSystemError(errno,
- _("unable to set socket security context '%s'"), str);
+ _("unable to set socket security context '%1$s'"), str);
goto done;
}
if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
+ _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."),
secdef->model, SECURITY_SELINUX_NAME);
goto done;
}
vm->name, secdef->label);
if (setsockcreatecon_raw(secdef->label) == -1) {
virReportSystemError(errno,
- _("unable to set socket security context '%s'"),
+ _("unable to set socket security context '%1$s'"),
secdef->label);
goto done;
}
if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
+ _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."),
secdef->model, SECURITY_SELINUX_NAME);
if (security_getenforce() == 1)
return -1;
if (setsockcreatecon_raw(NULL) == -1) {
virReportSystemError(errno,
- _("unable to clear socket security context '%s'"),
+ _("unable to clear socket security context '%1$s'"),
secdef->label);
if (security_getenforce() == 1)
return -1;
return 0;
if (fstat(fd, &buf) < 0) {
- virReportSystemError(errno, _("cannot stat tap fd %d"), fd);
+ virReportSystemError(errno, _("cannot stat tap fd %1$d"), fd);
goto cleanup;
}
if ((buf.st_mode & S_IFMT) != S_IFCHR) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("tap fd %d is not character device"), fd);
+ _("tap fd %1$d is not character device"), fd);
goto cleanup;
}
if (virFileResolveLink(proc, &fd_path) < 0) {
virReportSystemError(errno,
- _("Unable to resolve link: %s"), proc);
+ _("Unable to resolve link: %1$s"), proc);
goto cleanup;
}
if (getContext(mgr, fd_path, buf.st_mode, &fcon) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot lookup default selinux label for tap fd %d"), fd);
+ _("cannot lookup default selinux label for tap fd %1$d"), fd);
goto cleanup;
}
if (secdef->label) {
ctx = context_new(secdef->label);
if (!ctx) {
- virReportSystemError(errno, _("unable to create selinux context for: %s"),
+ virReportSystemError(errno, _("unable to create selinux context for: %1$s"),
secdef->label);
goto cleanup;
}
break;
}
if (ret < 0)
- virReportSystemError(errno, _("Unable to label files under %s"),
+ virReportSystemError(errno, _("Unable to label files under %1$s"),
path);
return ret;
break;
}
if (ret < 0)
- virReportSystemError(errno, _("Unable to restore file labels under %s"),
+ virReportSystemError(errno, _("Unable to restore file labels under %1$s"),
path);
return ret;
projects / thirdparty / libvirt.git / commitdiff
