From a1518f0a94e74d405ca72ed3c60335a4a03161a4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 11 Jul 2025 11:46:08 +0900
Subject: [PATCH] selinux-util: downgrade log level to LOG_DEBUG when error
 code is zero

Previously, the logger is only used in error paths, but since
fe3f2ac0734e64dcd729b00992a6261cbf4cc846, the logger is also used in a
success path. Let's not log loudly on success.

This also drops unused log_selinux_enforcing().
---
 src/shared/selinux-util.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index d8df89d79ec..e97bc40dcca 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -17,14 +17,14 @@ static inline void freeconp(char **p) {
 
 #define _cleanup_freecon_ _cleanup_(freeconp)
 
-#define log_selinux_enforcing(...)                                      \
-        log_full(mac_selinux_enforcing() ? LOG_ERR : LOG_WARNING, __VA_ARGS__)
-
+/* This accepts 0 error, like _zerook(). */
 #define log_selinux_enforcing_errno(error, ...)                         \
         ({                                                              \
-                bool _enforcing = mac_selinux_enforcing();              \
-                int _level = _enforcing ? LOG_ERR : LOG_WARNING;        \
                 int _e = (error);                                       \
+                bool _enforcing = mac_selinux_enforcing();              \
+                int _level =                                            \
+                        ERRNO_VALUE(_e) == 0 ? LOG_DEBUG :              \
+                                  _enforcing ? LOG_ERR : LOG_WARNING;   \
                                                                         \
                 int _r = (log_get_max_level() >= LOG_PRI(_level))       \
                         ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
-- 
2.47.3