static struct selabel_handle *label_hnd = NULL;
static bool have_status_page = false;
-#define log_enforcing(...) \
- log_full(mac_selinux_enforcing() ? LOG_ERR : LOG_WARNING, __VA_ARGS__)
-
-#define log_enforcing_errno(error, ...) \
- ({ \
- bool _enforcing = mac_selinux_enforcing(); \
- int _level = _enforcing ? LOG_ERR : LOG_WARNING; \
- int _e = (error); \
- \
- int _r = (log_get_max_level() >= LOG_PRI(_level)) \
- ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
- : -ERRNO_VALUE(_e); \
- _enforcing ? _r : 0; \
- })
-
static int mac_selinux_label_pre(int dir_fd, const char *path, mode_t mode) {
return mac_selinux_create_file_prepare_at(dir_fd, path, mode);
}
hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
if (!hnd)
- return log_enforcing_errno(errno, "Failed to initialize SELinux labeling handle: %m");
+ return log_selinux_enforcing_errno(errno, "Failed to initialize SELinux labeling handle: %m");
if (DEBUG_LOGGING) {
after_timestamp = now(CLOCK_MONOTONIC);
r = selinux_status_open(/* netlink fallback= */ 1);
if (r < 0) {
if (!ERRNO_IS_PRIVILEGE(errno))
- return log_enforcing_errno(errno, "Failed to open SELinux status page: %m");
+ return log_selinux_enforcing_errno(errno, "Failed to open SELinux status page: %m");
log_warning_errno(errno, "selinux_status_open() with netlink fallback failed, not checking for policy reloads: %m");
} else if (r == 1)
log_warning("selinux_status_open() failed to open the status page, using the netlink fallback.");
if (errno == ENOENT)
return 0;
- return log_enforcing_errno(errno, "Unable to lookup intended SELinux security context of %s: %m", label_path);
+ return log_selinux_enforcing_errno(errno, "Unable to lookup intended SELinux security context of %s: %m", label_path);
}
if (setfilecon_raw(FORMAT_PROC_FD_PATH(fd), fcon) < 0) {
if (getfilecon_raw(FORMAT_PROC_FD_PATH(fd), &oldcon) >= 0 && streq_ptr(fcon, oldcon))
return 0;
- return log_enforcing_errno(r, "Unable to fix SELinux security context of %s: %m", label_path);
+ return log_selinux_enforcing_errno(r, "Unable to fix SELinux security context of %s: %m", label_path);
}
return 0;
assert(label);
if (setfilecon(path, label) < 0)
- return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, path);
+ return log_selinux_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, path);
#endif
return 0;
}
assert(label);
if (setfilecon(FORMAT_PROC_FD_PATH(fd), label) < 0)
- return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path));
+ return log_selinux_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path));
#endif
return 0;
}
if (errno == ENOENT)
return 0;
- return log_enforcing_errno(errno, "Failed to determine SELinux security context for %s: %m", abspath);
+ return log_selinux_enforcing_errno(errno, "Failed to determine SELinux security context for %s: %m", abspath);
}
if (setfscreatecon_raw(filecon) < 0)
- return log_enforcing_errno(errno, "Failed to set SELinux security context %s for %s: %m", filecon, abspath);
+ return log_selinux_enforcing_errno(errno, "Failed to set SELinux security context %s for %s: %m", filecon, abspath);
return 0;
}
return r;
if (setfscreatecon_raw(label) < 0)
- return log_enforcing_errno(errno, "Failed to set specified SELinux security context '%s' for '%s': %m", label, strna(path));
+ return log_selinux_enforcing_errno(errno, "Failed to set specified SELinux security context '%s' for '%s': %m", label, strna(path));
#endif
return 0;
}
return r;
if (setsockcreatecon(label) < 0)
- return log_enforcing_errno(errno, "Failed to set SELinux security context %s for sockets: %m", label);
+ return log_selinux_enforcing_errno(errno, "Failed to set SELinux security context %s for sockets: %m", label);
#endif
return 0;
if (errno == ENOENT)
goto skipped;
- r = log_enforcing_errno(errno, "Failed to determine SELinux security context for %s: %m", path);
+ r = log_selinux_enforcing_errno(errno, "Failed to determine SELinux security context for %s: %m", path);
if (r < 0)
return r;
} else {
if (setfscreatecon_raw(fcon) < 0) {
- r = log_enforcing_errno(errno, "Failed to set SELinux security context %s for %s: %m", fcon, path);
+ r = log_selinux_enforcing_errno(errno, "Failed to set SELinux security context %s for %s: %m", fcon, path);
if (r < 0)
return r;
} else
projects / thirdparty / systemd.git / commitdiff
