emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

libsubid: don't print error messages on stderr by default

Browse Source 
Closes #325

Add a new subid_init() function which can be used to specify the
stream on which error messages should be printed.  (If you want to
get fancy you can redirect that to memory :)  If subid_init() is
not called, use stderr.  If NULL is passed, then /dev/null will
be used.

This patch also fixes up the 'Prog', which previously had to be
defined by any program linking against libsubid.  Now, by default
in libsubid it will show (subid).  Once subid_init() is called,
it will use the first variable passed to subid_init().

Signed-off-by: Serge Hallyn <serge@hallyn.com>
This commit is contained in:
Serge Hallyn
2021-05-08 17:42:14 -05:00
parent 3ac8d97825
commit 2b22a6909d
75 changed files with 311 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
lib/semanage.c
View File

@ -69,7 +69,7 @@ static void semanage_error_callback (unused void *varg,
switch (semanage_msg_get_level (handle)) {
case SEMANAGE_MSG_ERR:
case SEMANAGE_MSG_WARN:
fprintf (stderr, _("[libsemanage]: %s\n"), message);
fprintf (shadow_logfd, _("[libsemanage]: %s\n"), message);
break;
case SEMANAGE_MSG_INFO:
/* nop */
@ -87,7 +87,7 @@ static semanage_handle_t *semanage_init (void)
handle = semanage_handle_create ();
if (NULL == handle) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Cannot create SELinux management handle\n"));
return NULL;
}
@ -96,26 +96,26 @@ static semanage_handle_t *semanage_init (void)
ret = semanage_is_managed (handle);
if (ret != 1) {
fprintf (stderr, _("SELinux policy not managed\n"));
fprintf (shadow_logfd, _("SELinux policy not managed\n"));
goto fail;
}
ret = semanage_access_check (handle);
if (ret < SEMANAGE_CAN_READ) {
fprintf (stderr, _("Cannot read SELinux policy store\n"));
fprintf (shadow_logfd, _("Cannot read SELinux policy store\n"));
goto fail;
}
ret = semanage_connect (handle);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Cannot establish SELinux management connection\n"));
goto fail;
}
ret = semanage_begin_transaction (handle);
if (ret != 0) {
fprintf (stderr, _("Cannot begin SELinux transaction\n"));
fprintf (shadow_logfd, _("Cannot begin SELinux transaction\n"));
goto fail;
}
@ -137,7 +137,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
semanage_seuser_query (handle, key, &seuser);
if (NULL == seuser) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not query seuser for %s\n"), login_name);
ret = 1;
goto done;
@ -145,7 +145,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not set serange for %s\n"), login_name);
ret = 1;
goto done;
@ -153,7 +153,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not set sename for %s\n"),
login_name);
ret = 1;
@ -162,7 +162,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
ret = semanage_seuser_modify_local (handle, key, seuser);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not modify login mapping for %s\n"),
login_name);
ret = 1;
@ -186,7 +186,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_create (handle, &seuser);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Cannot create SELinux login mapping for %s\n"),
login_name);
ret = 1;
@ -195,14 +195,14 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_set_name (handle, seuser, login_name);
if (ret != 0) {
fprintf (stderr, _("Could not set name for %s\n"), login_name);
fprintf (shadow_logfd, _("Could not set name for %s\n"), login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not set serange for %s\n"),
login_name);
ret = 1;
@ -211,7 +211,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not set SELinux user for %s\n"),
login_name);
ret = 1;
@ -220,7 +220,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_modify_local (handle, key, seuser);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not add login mapping for %s\n"),
login_name);
ret = 1;
@ -248,21 +248,21 @@ int set_seuser (const char *login_name, const char *seuser_name)
handle = semanage_init ();
if (NULL == handle) {
fprintf (stderr, _("Cannot init SELinux management\n"));
fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_key_create (handle, login_name, &key);
if (ret != 0) {
fprintf (stderr, _("Cannot create SELinux user key\n"));
fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_exists (handle, key, &seuser_exists);
if (ret < 0) {
fprintf (stderr, _("Cannot verify the SELinux user\n"));
fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
ret = 1;
goto done;
}
@ -270,7 +270,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
if (0 != seuser_exists) {
ret = semanage_user_mod (handle, key, login_name, seuser_name);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Cannot modify SELinux user mapping\n"));
ret = 1;
goto done;
@ -278,7 +278,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
} else {
ret = semanage_user_add (handle, key, login_name, seuser_name);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Cannot add SELinux user mapping\n"));
ret = 1;
goto done;
@ -287,7 +287,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
ret = semanage_commit (handle);
if (ret < 0) {
fprintf (stderr, _("Cannot commit SELinux transaction\n"));
fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
ret = 1;
goto done;
}
@ -310,27 +310,27 @@ int del_seuser (const char *login_name)
handle = semanage_init ();
if (NULL == handle) {
fprintf (stderr, _("Cannot init SELinux management\n"));
fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_key_create (handle, login_name, &key);
if (ret != 0) {
fprintf (stderr, _("Cannot create SELinux user key\n"));
fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_exists (handle, key, &exists);
if (ret < 0) {
fprintf (stderr, _("Cannot verify the SELinux user\n"));
fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
ret = 1;
goto done;
}
if (0 == exists) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Login mapping for %s is not defined, OK if default mapping was used\n"),
login_name);
ret = 0; /* probably default mapping */
@ -339,13 +339,13 @@ int del_seuser (const char *login_name)
ret = semanage_seuser_exists_local (handle, key, &exists);
if (ret < 0) {
fprintf (stderr, _("Cannot verify the SELinux user\n"));
fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
ret = 1;
goto done;
}
if (0 == exists) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Login mapping for %s is defined in policy, cannot be deleted\n"),
login_name);
ret = 0; /* Login mapping defined in policy can't be deleted */
@ -354,7 +354,7 @@ int del_seuser (const char *login_name)
ret = semanage_seuser_del_local (handle, key);
if (ret != 0) {
fprintf (stderr,
fprintf (shadow_logfd,
_("Could not delete login mapping for %s"),
login_name);
ret = 1;
@ -363,7 +363,7 @@ int del_seuser (const char *login_name)
ret = semanage_commit (handle);
if (ret < 0) {
fprintf (stderr, _("Cannot commit SELinux transaction\n"));
fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
ret = 1;
goto done;
}