selinux: include precise low-level error string in returned D-Bus errors

author Lennart Poettering <lennart@poettering.net>

Tue, 12 Jul 2022 14:23:02 +0000 (16:23 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 20 Jul 2022 17:09:24 +0000 (19:09 +0200)
author Lennart Poettering <lennart@poettering.net>
Tue, 12 Jul 2022 14:23:02 +0000 (16:23 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 20 Jul 2022 17:09:24 +0000 (19:09 +0200)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c

index 878dea13f13888db4c9c8823a7c26a6e4aa651fb..848ae246a7f7b075e78ec9d858e9e5278647d557 100644 (file)
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -240,7 +240,7 @@ int mac_selinux_access_check_internal(
                          if (!enforce)
                                  return 0;
  
-                        return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context.");
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context: %m");
                  }
  
                  acon = fcon;
@@ -259,10 +259,10 @@ int mac_selinux_access_check_internal(
  
          r = selinux_check_access(scon, acon, tclass, permission, &audit_info);
          if (r < 0) {
-                r = errno_or_else(EPERM);
+                errno = -(r = errno_or_else(EPERM));
  
                  if (enforce)
-                        sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
+                        sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access: %m");
          }
  
          log_full_errno_zerook(LOG_DEBUG, r,
author	Lennart Poettering <lennart@poettering.net>
	Tue, 12 Jul 2022 14:23:02 +0000 (16:23 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 20 Jul 2022 17:09:24 +0000 (19:09 +0200)