| Message ID | 20220505174401.24442-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 0c407c3f1df9 |
| Headers | show |
| Series | libselinux/utils: print errno on failure | expand |
On Sat, May 7, 2022 at 11:59 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > Print error description on failure after functions known to set errno. > > Also mention the library function name in getenforce, policyvers and > setenforce instead of the program name twice. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > libselinux/utils/compute_av.c | 3 ++- > libselinux/utils/compute_create.c | 5 +++-- > libselinux/utils/compute_member.c | 5 +++-- > libselinux/utils/compute_relabel.c | 5 +++-- > libselinux/utils/getconlist.c | 2 +- > libselinux/utils/getdefaultcon.c | 2 +- > libselinux/utils/getenforce.c | 4 +++- > libselinux/utils/getfilecon.c | 6 ++++-- > libselinux/utils/getpidcon.c | 4 +++- > libselinux/utils/policyvers.c | 4 +++- > libselinux/utils/selabel_digest.c | 2 +- > libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++- > libselinux/utils/selabel_lookup.c | 3 ++- > libselinux/utils/selabel_lookup_best_match.c | 3 ++- > libselinux/utils/selabel_partial_match.c | 3 ++- > libselinux/utils/setenforce.c | 3 ++- > libselinux/utils/setfilecon.c | 6 ++++-- > 17 files changed, 41 insertions(+), 22 deletions(-) > > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c > index ef08338f..cca407d6 100644 > --- a/libselinux/utils/compute_av.c > +++ b/libselinux/utils/compute_av.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > > ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]); > + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno)); > exit(3); > } > Back in August you converted a bunch of strerror() uses in libselinux to instead use "%m" for thread safety. Since all of these are for utility programs and not the main library, thread safety is not a concern, but is there any reason not to just use "%m"? Jim > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c > index 63029c19..c6481f4b 100644 > --- a/libselinux/utils/compute_create.c > +++ b/libselinux/utils/compute_create.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > ret = security_compute_create(argv[1], argv[2], tclass, &buf); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_create failed\n", > - argv[0]); > + fprintf(stderr, "%s: security_compute_create failed: %s\n", > + argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c > index 1ef47c25..9fe790ee 100644 > --- a/libselinux/utils/compute_member.c > +++ b/libselinux/utils/compute_member.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > ret = security_compute_member(argv[1], argv[2], tclass, &buf); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_member failed\n", > - argv[0]); > + fprintf(stderr, "%s: security_compute_member failed: %s\n", > + argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c > index f6a957da..bdd39d0f 100644 > --- a/libselinux/utils/compute_relabel.c > +++ b/libselinux/utils/compute_relabel.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > ret = security_compute_relabel(argv[1], argv[2], tclass, &buf); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_relabel failed\n", > - argv[0]); > + fprintf(stderr, "%s: security_compute_relabel failed: %s\n", > + argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c > index 0bb28469..92f6a793 100644 > --- a/libselinux/utils/getconlist.c > +++ b/libselinux/utils/getconlist.c > @@ -55,7 +55,7 @@ int main(int argc, char **argv) > /* If a context wasn't passed, use the current context. */ > if (((argc - optind) < 2)) { > if (getcon(&cur_context) < 0) { > - fprintf(stderr, "Couldn't get current context.\n"); > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > free(level); > return 2; > } > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c > index 590e98d9..93102e5e 100644 > --- a/libselinux/utils/getdefaultcon.c > +++ b/libselinux/utils/getdefaultcon.c > @@ -62,7 +62,7 @@ int main(int argc, char **argv) > /* If a context wasn't passed, use the current context. */ > if (((argc - optind) < 2)) { > if (getcon(&cur_context) < 0) { > - fprintf(stderr, "Couldn't get current context.\n"); > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > return 2; > } > } else > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c > index e5d19c54..aeeb79a8 100644 > --- a/libselinux/utils/getenforce.c > +++ b/libselinux/utils/getenforce.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc __attribute__ ((unused)), > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)), > if (rc == 1) { > rc = security_getenforce(); > if (rc < 0) { > - fputs("getenforce: getenforce() failed", stderr); > + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno)); > return 2; > } > > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c > index 6266ae16..b823a1a1 100644 > --- a/libselinux/utils/getfilecon.c > +++ b/libselinux/utils/getfilecon.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc, char **argv) > @@ -16,8 +18,8 @@ int main(int argc, char **argv) > for (i = 1; i < argc; i++) { > rc = getfilecon(argv[i], &buf); > if (rc < 0) { > - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0], > - argv[i]); > + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0], > + argv[i], strerror(errno)); > exit(2); > } > printf("%s\t%s\n", argv[i], buf); > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c > index ea6c274e..1a88fa6d 100644 > --- a/libselinux/utils/getpidcon.c > +++ b/libselinux/utils/getpidcon.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc, char **argv) > @@ -21,7 +23,7 @@ int main(int argc, char **argv) > > rc = getpidcon(pid, &buf); > if (rc < 0) { > - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]); > + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c > index dd56f2c7..5230bcaf 100644 > --- a/libselinux/utils/policyvers.c > +++ b/libselinux/utils/policyvers.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc __attribute__ ((unused)), char **argv) > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv) > > rc = security_policyvers(); > if (rc < 0) { > - fprintf(stderr, "%s: policyvers() failed\n", argv[0]); > + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno)); > exit(2); > } > > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c > index 49408a0b..6a8313a2 100644 > --- a/libselinux/utils/selabel_digest.c > +++ b/libselinux/utils/selabel_digest.c > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest) > > fp = popen(cmd, "r"); > if (!fp) { > - printf("Failed to run command line\n"); > + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c > index e28833d2..c4e0f836 100644 > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c > @@ -77,7 +77,8 @@ int main(int argc, char **argv) > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c > index 1aef64de..112ffda1 100644 > --- a/libselinux/utils/selabel_lookup.c > +++ b/libselinux/utils/selabel_lookup.c > @@ -91,7 +91,8 @@ int main(int argc, char **argv) > hnd = selabel_open(backend, selabel_option, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c > index 2cddc6cd..a4af0679 100644 > --- a/libselinux/utils/selabel_lookup_best_match.c > +++ b/libselinux/utils/selabel_lookup_best_match.c > @@ -117,7 +117,8 @@ int main(int argc, char **argv) > hnd = selabel_open(SELABEL_CTX_FILE, options, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > rc = -1; > goto out; > } > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c > index c5932cb1..7bbd5777 100644 > --- a/libselinux/utils/selabel_partial_match.c > +++ b/libselinux/utils/selabel_partial_match.c > @@ -61,7 +61,8 @@ int main(int argc, char **argv) > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c > index 60a20a4b..67c13dca 100644 > --- a/libselinux/utils/setenforce.c > +++ b/libselinux/utils/setenforce.c > @@ -4,6 +4,7 @@ > #include <ctype.h> > #include <string.h> > #include <strings.h> > +#include <errno.h> > #include <selinux/selinux.h> > > static __attribute__ ((__noreturn__)) void usage(const char *progname) > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > usage(argv[0]); > } > if (rc < 0) { > - fprintf(stderr, "%s: setenforce() failed\n", argv[0]); > + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno)); > return 2; > } > return 0; > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c > index 79af55de..a3fbc3ed 100644 > --- a/libselinux/utils/setfilecon.c > +++ b/libselinux/utils/setfilecon.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc, char **argv) > @@ -15,8 +17,8 @@ int main(int argc, char **argv) > for (i = 2; i < argc; i++) { > rc = setfilecon(argv[i], argv[1]); > if (rc < 0) { > - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n", > - argv[0], argv[i], argv[1]); > + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n", > + argv[0], argv[i], argv[1], strerror(errno)); > exit(2); > } > } > -- > 2.36.0 >
On Mon, 9 May 2022 at 16:38, James Carter <jwcart2@gmail.com> wrote: > > On Sat, May 7, 2022 at 11:59 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > Print error description on failure after functions known to set errno. > > > > Also mention the library function name in getenforce, policyvers and > > setenforce instead of the program name twice. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > --- > > libselinux/utils/compute_av.c | 3 ++- > > libselinux/utils/compute_create.c | 5 +++-- > > libselinux/utils/compute_member.c | 5 +++-- > > libselinux/utils/compute_relabel.c | 5 +++-- > > libselinux/utils/getconlist.c | 2 +- > > libselinux/utils/getdefaultcon.c | 2 +- > > libselinux/utils/getenforce.c | 4 +++- > > libselinux/utils/getfilecon.c | 6 ++++-- > > libselinux/utils/getpidcon.c | 4 +++- > > libselinux/utils/policyvers.c | 4 +++- > > libselinux/utils/selabel_digest.c | 2 +- > > libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++- > > libselinux/utils/selabel_lookup.c | 3 ++- > > libselinux/utils/selabel_lookup_best_match.c | 3 ++- > > libselinux/utils/selabel_partial_match.c | 3 ++- > > libselinux/utils/setenforce.c | 3 ++- > > libselinux/utils/setfilecon.c | 6 ++++-- > > 17 files changed, 41 insertions(+), 22 deletions(-) > > > > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c > > index ef08338f..cca407d6 100644 > > --- a/libselinux/utils/compute_av.c > > +++ b/libselinux/utils/compute_av.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > > > > ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]); > > + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno)); > > exit(3); > > } > > > > Back in August you converted a bunch of strerror() uses in libselinux > to instead use "%m" for thread safety. Since all of these are for > utility programs and not the main library, thread safety is not a > concern, but is there any reason not to just use "%m"? None to my knowledge, other than matching the surrounding code. > > Jim > > > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c > > index 63029c19..c6481f4b 100644 > > --- a/libselinux/utils/compute_create.c > > +++ b/libselinux/utils/compute_create.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > > > ret = security_compute_create(argv[1], argv[2], tclass, &buf); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_create failed\n", > > - argv[0]); > > + fprintf(stderr, "%s: security_compute_create failed: %s\n", > > + argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c > > index 1ef47c25..9fe790ee 100644 > > --- a/libselinux/utils/compute_member.c > > +++ b/libselinux/utils/compute_member.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > > > ret = security_compute_member(argv[1], argv[2], tclass, &buf); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_member failed\n", > > - argv[0]); > > + fprintf(stderr, "%s: security_compute_member failed: %s\n", > > + argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c > > index f6a957da..bdd39d0f 100644 > > --- a/libselinux/utils/compute_relabel.c > > +++ b/libselinux/utils/compute_relabel.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > > > ret = security_compute_relabel(argv[1], argv[2], tclass, &buf); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_relabel failed\n", > > - argv[0]); > > + fprintf(stderr, "%s: security_compute_relabel failed: %s\n", > > + argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c > > index 0bb28469..92f6a793 100644 > > --- a/libselinux/utils/getconlist.c > > +++ b/libselinux/utils/getconlist.c > > @@ -55,7 +55,7 @@ int main(int argc, char **argv) > > /* If a context wasn't passed, use the current context. */ > > if (((argc - optind) < 2)) { > > if (getcon(&cur_context) < 0) { > > - fprintf(stderr, "Couldn't get current context.\n"); > > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > > free(level); > > return 2; > > } > > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c > > index 590e98d9..93102e5e 100644 > > --- a/libselinux/utils/getdefaultcon.c > > +++ b/libselinux/utils/getdefaultcon.c > > @@ -62,7 +62,7 @@ int main(int argc, char **argv) > > /* If a context wasn't passed, use the current context. */ > > if (((argc - optind) < 2)) { > > if (getcon(&cur_context) < 0) { > > - fprintf(stderr, "Couldn't get current context.\n"); > > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > > return 2; > > } > > } else > > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c > > index e5d19c54..aeeb79a8 100644 > > --- a/libselinux/utils/getenforce.c > > +++ b/libselinux/utils/getenforce.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc __attribute__ ((unused)), > > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)), > > if (rc == 1) { > > rc = security_getenforce(); > > if (rc < 0) { > > - fputs("getenforce: getenforce() failed", stderr); > > + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno)); > > return 2; > > } > > > > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c > > index 6266ae16..b823a1a1 100644 > > --- a/libselinux/utils/getfilecon.c > > +++ b/libselinux/utils/getfilecon.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc, char **argv) > > @@ -16,8 +18,8 @@ int main(int argc, char **argv) > > for (i = 1; i < argc; i++) { > > rc = getfilecon(argv[i], &buf); > > if (rc < 0) { > > - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0], > > - argv[i]); > > + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0], > > + argv[i], strerror(errno)); > > exit(2); > > } > > printf("%s\t%s\n", argv[i], buf); > > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c > > index ea6c274e..1a88fa6d 100644 > > --- a/libselinux/utils/getpidcon.c > > +++ b/libselinux/utils/getpidcon.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc, char **argv) > > @@ -21,7 +23,7 @@ int main(int argc, char **argv) > > > > rc = getpidcon(pid, &buf); > > if (rc < 0) { > > - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]); > > + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c > > index dd56f2c7..5230bcaf 100644 > > --- a/libselinux/utils/policyvers.c > > +++ b/libselinux/utils/policyvers.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc __attribute__ ((unused)), char **argv) > > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv) > > > > rc = security_policyvers(); > > if (rc < 0) { > > - fprintf(stderr, "%s: policyvers() failed\n", argv[0]); > > + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno)); > > exit(2); > > } > > > > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c > > index 49408a0b..6a8313a2 100644 > > --- a/libselinux/utils/selabel_digest.c > > +++ b/libselinux/utils/selabel_digest.c > > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest) > > > > fp = popen(cmd, "r"); > > if (!fp) { > > - printf("Failed to run command line\n"); > > + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c > > index e28833d2..c4e0f836 100644 > > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c > > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c > > @@ -77,7 +77,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c > > index 1aef64de..112ffda1 100644 > > --- a/libselinux/utils/selabel_lookup.c > > +++ b/libselinux/utils/selabel_lookup.c > > @@ -91,7 +91,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(backend, selabel_option, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c > > index 2cddc6cd..a4af0679 100644 > > --- a/libselinux/utils/selabel_lookup_best_match.c > > +++ b/libselinux/utils/selabel_lookup_best_match.c > > @@ -117,7 +117,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(SELABEL_CTX_FILE, options, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > rc = -1; > > goto out; > > } > > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c > > index c5932cb1..7bbd5777 100644 > > --- a/libselinux/utils/selabel_partial_match.c > > +++ b/libselinux/utils/selabel_partial_match.c > > @@ -61,7 +61,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c > > index 60a20a4b..67c13dca 100644 > > --- a/libselinux/utils/setenforce.c > > +++ b/libselinux/utils/setenforce.c > > @@ -4,6 +4,7 @@ > > #include <ctype.h> > > #include <string.h> > > #include <strings.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > static __attribute__ ((__noreturn__)) void usage(const char *progname) > > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > > usage(argv[0]); > > } > > if (rc < 0) { > > - fprintf(stderr, "%s: setenforce() failed\n", argv[0]); > > + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno)); > > return 2; > > } > > return 0; > > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c > > index 79af55de..a3fbc3ed 100644 > > --- a/libselinux/utils/setfilecon.c > > +++ b/libselinux/utils/setfilecon.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc, char **argv) > > @@ -15,8 +17,8 @@ int main(int argc, char **argv) > > for (i = 2; i < argc; i++) { > > rc = setfilecon(argv[i], argv[1]); > > if (rc < 0) { > > - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n", > > - argv[0], argv[i], argv[1]); > > + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n", > > + argv[0], argv[i], argv[1], strerror(errno)); > > exit(2); > > } > > } > > -- > > 2.36.0 > >
On Sat, May 7, 2022 at 11:59 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > Print error description on failure after functions known to set errno. > > Also mention the library function name in getenforce, policyvers and > setenforce instead of the program name twice. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libselinux/utils/compute_av.c | 3 ++- > libselinux/utils/compute_create.c | 5 +++-- > libselinux/utils/compute_member.c | 5 +++-- > libselinux/utils/compute_relabel.c | 5 +++-- > libselinux/utils/getconlist.c | 2 +- > libselinux/utils/getdefaultcon.c | 2 +- > libselinux/utils/getenforce.c | 4 +++- > libselinux/utils/getfilecon.c | 6 ++++-- > libselinux/utils/getpidcon.c | 4 +++- > libselinux/utils/policyvers.c | 4 +++- > libselinux/utils/selabel_digest.c | 2 +- > libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++- > libselinux/utils/selabel_lookup.c | 3 ++- > libselinux/utils/selabel_lookup_best_match.c | 3 ++- > libselinux/utils/selabel_partial_match.c | 3 ++- > libselinux/utils/setenforce.c | 3 ++- > libselinux/utils/setfilecon.c | 6 ++++-- > 17 files changed, 41 insertions(+), 22 deletions(-) > > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c > index ef08338f..cca407d6 100644 > --- a/libselinux/utils/compute_av.c > +++ b/libselinux/utils/compute_av.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > > ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]); > + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c > index 63029c19..c6481f4b 100644 > --- a/libselinux/utils/compute_create.c > +++ b/libselinux/utils/compute_create.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > ret = security_compute_create(argv[1], argv[2], tclass, &buf); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_create failed\n", > - argv[0]); > + fprintf(stderr, "%s: security_compute_create failed: %s\n", > + argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c > index 1ef47c25..9fe790ee 100644 > --- a/libselinux/utils/compute_member.c > +++ b/libselinux/utils/compute_member.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > ret = security_compute_member(argv[1], argv[2], tclass, &buf); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_member failed\n", > - argv[0]); > + fprintf(stderr, "%s: security_compute_member failed: %s\n", > + argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c > index f6a957da..bdd39d0f 100644 > --- a/libselinux/utils/compute_relabel.c > +++ b/libselinux/utils/compute_relabel.c > @@ -2,6 +2,7 @@ > #include <sys/types.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > #include <errno.h> > #include <selinux/selinux.h> > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > ret = security_compute_relabel(argv[1], argv[2], tclass, &buf); > if (ret < 0) { > - fprintf(stderr, "%s: security_compute_relabel failed\n", > - argv[0]); > + fprintf(stderr, "%s: security_compute_relabel failed: %s\n", > + argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c > index 0bb28469..92f6a793 100644 > --- a/libselinux/utils/getconlist.c > +++ b/libselinux/utils/getconlist.c > @@ -55,7 +55,7 @@ int main(int argc, char **argv) > /* If a context wasn't passed, use the current context. */ > if (((argc - optind) < 2)) { > if (getcon(&cur_context) < 0) { > - fprintf(stderr, "Couldn't get current context.\n"); > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > free(level); > return 2; > } > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c > index 590e98d9..93102e5e 100644 > --- a/libselinux/utils/getdefaultcon.c > +++ b/libselinux/utils/getdefaultcon.c > @@ -62,7 +62,7 @@ int main(int argc, char **argv) > /* If a context wasn't passed, use the current context. */ > if (((argc - optind) < 2)) { > if (getcon(&cur_context) < 0) { > - fprintf(stderr, "Couldn't get current context.\n"); > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > return 2; > } > } else > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c > index e5d19c54..aeeb79a8 100644 > --- a/libselinux/utils/getenforce.c > +++ b/libselinux/utils/getenforce.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc __attribute__ ((unused)), > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)), > if (rc == 1) { > rc = security_getenforce(); > if (rc < 0) { > - fputs("getenforce: getenforce() failed", stderr); > + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno)); > return 2; > } > > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c > index 6266ae16..b823a1a1 100644 > --- a/libselinux/utils/getfilecon.c > +++ b/libselinux/utils/getfilecon.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc, char **argv) > @@ -16,8 +18,8 @@ int main(int argc, char **argv) > for (i = 1; i < argc; i++) { > rc = getfilecon(argv[i], &buf); > if (rc < 0) { > - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0], > - argv[i]); > + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0], > + argv[i], strerror(errno)); > exit(2); > } > printf("%s\t%s\n", argv[i], buf); > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c > index ea6c274e..1a88fa6d 100644 > --- a/libselinux/utils/getpidcon.c > +++ b/libselinux/utils/getpidcon.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc, char **argv) > @@ -21,7 +23,7 @@ int main(int argc, char **argv) > > rc = getpidcon(pid, &buf); > if (rc < 0) { > - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]); > + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno)); > exit(3); > } > > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c > index dd56f2c7..5230bcaf 100644 > --- a/libselinux/utils/policyvers.c > +++ b/libselinux/utils/policyvers.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc __attribute__ ((unused)), char **argv) > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv) > > rc = security_policyvers(); > if (rc < 0) { > - fprintf(stderr, "%s: policyvers() failed\n", argv[0]); > + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno)); > exit(2); > } > > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c > index 49408a0b..6a8313a2 100644 > --- a/libselinux/utils/selabel_digest.c > +++ b/libselinux/utils/selabel_digest.c > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest) > > fp = popen(cmd, "r"); > if (!fp) { > - printf("Failed to run command line\n"); > + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c > index e28833d2..c4e0f836 100644 > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c > @@ -77,7 +77,8 @@ int main(int argc, char **argv) > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c > index 1aef64de..112ffda1 100644 > --- a/libselinux/utils/selabel_lookup.c > +++ b/libselinux/utils/selabel_lookup.c > @@ -91,7 +91,8 @@ int main(int argc, char **argv) > hnd = selabel_open(backend, selabel_option, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c > index 2cddc6cd..a4af0679 100644 > --- a/libselinux/utils/selabel_lookup_best_match.c > +++ b/libselinux/utils/selabel_lookup_best_match.c > @@ -117,7 +117,8 @@ int main(int argc, char **argv) > hnd = selabel_open(SELABEL_CTX_FILE, options, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > rc = -1; > goto out; > } > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c > index c5932cb1..7bbd5777 100644 > --- a/libselinux/utils/selabel_partial_match.c > +++ b/libselinux/utils/selabel_partial_match.c > @@ -61,7 +61,8 @@ int main(int argc, char **argv) > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > if (!hnd) { > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > - "handle.\n"); > + "handle: %s\n", > + strerror(errno)); > return -1; > } > > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c > index 60a20a4b..67c13dca 100644 > --- a/libselinux/utils/setenforce.c > +++ b/libselinux/utils/setenforce.c > @@ -4,6 +4,7 @@ > #include <ctype.h> > #include <string.h> > #include <strings.h> > +#include <errno.h> > #include <selinux/selinux.h> > > static __attribute__ ((__noreturn__)) void usage(const char *progname) > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > usage(argv[0]); > } > if (rc < 0) { > - fprintf(stderr, "%s: setenforce() failed\n", argv[0]); > + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno)); > return 2; > } > return 0; > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c > index 79af55de..a3fbc3ed 100644 > --- a/libselinux/utils/setfilecon.c > +++ b/libselinux/utils/setfilecon.c > @@ -1,6 +1,8 @@ > #include <unistd.h> > #include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <errno.h> > #include <selinux/selinux.h> > > int main(int argc, char **argv) > @@ -15,8 +17,8 @@ int main(int argc, char **argv) > for (i = 2; i < argc; i++) { > rc = setfilecon(argv[i], argv[1]); > if (rc < 0) { > - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n", > - argv[0], argv[i], argv[1]); > + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n", > + argv[0], argv[i], argv[1], strerror(errno)); > exit(2); > } > } > -- > 2.36.0 >
On Thu, May 12, 2022 at 3:38 PM James Carter <jwcart2@gmail.com> wrote: > > On Sat, May 7, 2022 at 11:59 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > Print error description on failure after functions known to set errno. > > > > Also mention the library function name in getenforce, policyvers and > > setenforce instead of the program name twice. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libselinux/utils/compute_av.c | 3 ++- > > libselinux/utils/compute_create.c | 5 +++-- > > libselinux/utils/compute_member.c | 5 +++-- > > libselinux/utils/compute_relabel.c | 5 +++-- > > libselinux/utils/getconlist.c | 2 +- > > libselinux/utils/getdefaultcon.c | 2 +- > > libselinux/utils/getenforce.c | 4 +++- > > libselinux/utils/getfilecon.c | 6 ++++-- > > libselinux/utils/getpidcon.c | 4 +++- > > libselinux/utils/policyvers.c | 4 +++- > > libselinux/utils/selabel_digest.c | 2 +- > > libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++- > > libselinux/utils/selabel_lookup.c | 3 ++- > > libselinux/utils/selabel_lookup_best_match.c | 3 ++- > > libselinux/utils/selabel_partial_match.c | 3 ++- > > libselinux/utils/setenforce.c | 3 ++- > > libselinux/utils/setfilecon.c | 6 ++++-- > > 17 files changed, 41 insertions(+), 22 deletions(-) > > > > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c > > index ef08338f..cca407d6 100644 > > --- a/libselinux/utils/compute_av.c > > +++ b/libselinux/utils/compute_av.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > > > > ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]); > > + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c > > index 63029c19..c6481f4b 100644 > > --- a/libselinux/utils/compute_create.c > > +++ b/libselinux/utils/compute_create.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > > > ret = security_compute_create(argv[1], argv[2], tclass, &buf); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_create failed\n", > > - argv[0]); > > + fprintf(stderr, "%s: security_compute_create failed: %s\n", > > + argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c > > index 1ef47c25..9fe790ee 100644 > > --- a/libselinux/utils/compute_member.c > > +++ b/libselinux/utils/compute_member.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > > > ret = security_compute_member(argv[1], argv[2], tclass, &buf); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_member failed\n", > > - argv[0]); > > + fprintf(stderr, "%s: security_compute_member failed: %s\n", > > + argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c > > index f6a957da..bdd39d0f 100644 > > --- a/libselinux/utils/compute_relabel.c > > +++ b/libselinux/utils/compute_relabel.c > > @@ -2,6 +2,7 @@ > > #include <sys/types.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > #include <errno.h> > > #include <selinux/selinux.h> > > > > @@ -35,8 +36,8 @@ int main(int argc, char **argv) > > > > ret = security_compute_relabel(argv[1], argv[2], tclass, &buf); > > if (ret < 0) { > > - fprintf(stderr, "%s: security_compute_relabel failed\n", > > - argv[0]); > > + fprintf(stderr, "%s: security_compute_relabel failed: %s\n", > > + argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c > > index 0bb28469..92f6a793 100644 > > --- a/libselinux/utils/getconlist.c > > +++ b/libselinux/utils/getconlist.c > > @@ -55,7 +55,7 @@ int main(int argc, char **argv) > > /* If a context wasn't passed, use the current context. */ > > if (((argc - optind) < 2)) { > > if (getcon(&cur_context) < 0) { > > - fprintf(stderr, "Couldn't get current context.\n"); > > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > > free(level); > > return 2; > > } > > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c > > index 590e98d9..93102e5e 100644 > > --- a/libselinux/utils/getdefaultcon.c > > +++ b/libselinux/utils/getdefaultcon.c > > @@ -62,7 +62,7 @@ int main(int argc, char **argv) > > /* If a context wasn't passed, use the current context. */ > > if (((argc - optind) < 2)) { > > if (getcon(&cur_context) < 0) { > > - fprintf(stderr, "Couldn't get current context.\n"); > > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); > > return 2; > > } > > } else > > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c > > index e5d19c54..aeeb79a8 100644 > > --- a/libselinux/utils/getenforce.c > > +++ b/libselinux/utils/getenforce.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc __attribute__ ((unused)), > > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)), > > if (rc == 1) { > > rc = security_getenforce(); > > if (rc < 0) { > > - fputs("getenforce: getenforce() failed", stderr); > > + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno)); > > return 2; > > } > > > > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c > > index 6266ae16..b823a1a1 100644 > > --- a/libselinux/utils/getfilecon.c > > +++ b/libselinux/utils/getfilecon.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc, char **argv) > > @@ -16,8 +18,8 @@ int main(int argc, char **argv) > > for (i = 1; i < argc; i++) { > > rc = getfilecon(argv[i], &buf); > > if (rc < 0) { > > - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0], > > - argv[i]); > > + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0], > > + argv[i], strerror(errno)); > > exit(2); > > } > > printf("%s\t%s\n", argv[i], buf); > > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c > > index ea6c274e..1a88fa6d 100644 > > --- a/libselinux/utils/getpidcon.c > > +++ b/libselinux/utils/getpidcon.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc, char **argv) > > @@ -21,7 +23,7 @@ int main(int argc, char **argv) > > > > rc = getpidcon(pid, &buf); > > if (rc < 0) { > > - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]); > > + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno)); > > exit(3); > > } > > > > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c > > index dd56f2c7..5230bcaf 100644 > > --- a/libselinux/utils/policyvers.c > > +++ b/libselinux/utils/policyvers.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc __attribute__ ((unused)), char **argv) > > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv) > > > > rc = security_policyvers(); > > if (rc < 0) { > > - fprintf(stderr, "%s: policyvers() failed\n", argv[0]); > > + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno)); > > exit(2); > > } > > > > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c > > index 49408a0b..6a8313a2 100644 > > --- a/libselinux/utils/selabel_digest.c > > +++ b/libselinux/utils/selabel_digest.c > > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest) > > > > fp = popen(cmd, "r"); > > if (!fp) { > > - printf("Failed to run command line\n"); > > + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c > > index e28833d2..c4e0f836 100644 > > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c > > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c > > @@ -77,7 +77,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c > > index 1aef64de..112ffda1 100644 > > --- a/libselinux/utils/selabel_lookup.c > > +++ b/libselinux/utils/selabel_lookup.c > > @@ -91,7 +91,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(backend, selabel_option, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c > > index 2cddc6cd..a4af0679 100644 > > --- a/libselinux/utils/selabel_lookup_best_match.c > > +++ b/libselinux/utils/selabel_lookup_best_match.c > > @@ -117,7 +117,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(SELABEL_CTX_FILE, options, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > rc = -1; > > goto out; > > } > > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c > > index c5932cb1..7bbd5777 100644 > > --- a/libselinux/utils/selabel_partial_match.c > > +++ b/libselinux/utils/selabel_partial_match.c > > @@ -61,7 +61,8 @@ int main(int argc, char **argv) > > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); > > if (!hnd) { > > fprintf(stderr, "ERROR: selabel_open - Could not obtain " > > - "handle.\n"); > > + "handle: %s\n", > > + strerror(errno)); > > return -1; > > } > > > > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c > > index 60a20a4b..67c13dca 100644 > > --- a/libselinux/utils/setenforce.c > > +++ b/libselinux/utils/setenforce.c > > @@ -4,6 +4,7 @@ > > #include <ctype.h> > > #include <string.h> > > #include <strings.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > static __attribute__ ((__noreturn__)) void usage(const char *progname) > > @@ -35,7 +36,7 @@ int main(int argc, char **argv) > > usage(argv[0]); > > } > > if (rc < 0) { > > - fprintf(stderr, "%s: setenforce() failed\n", argv[0]); > > + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno)); > > return 2; > > } > > return 0; > > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c > > index 79af55de..a3fbc3ed 100644 > > --- a/libselinux/utils/setfilecon.c > > +++ b/libselinux/utils/setfilecon.c > > @@ -1,6 +1,8 @@ > > #include <unistd.h> > > #include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <errno.h> > > #include <selinux/selinux.h> > > > > int main(int argc, char **argv) > > @@ -15,8 +17,8 @@ int main(int argc, char **argv) > > for (i = 2; i < argc; i++) { > > rc = setfilecon(argv[i], argv[1]); > > if (rc < 0) { > > - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n", > > - argv[0], argv[i], argv[1]); > > + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n", > > + argv[0], argv[i], argv[1], strerror(errno)); > > exit(2); > > } > > } > > -- > > 2.36.0 > >
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c index ef08338f..cca407d6 100644 --- a/libselinux/utils/compute_av.c +++ b/libselinux/utils/compute_av.c @@ -2,6 +2,7 @@ #include <sys/types.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <errno.h> #include <selinux/selinux.h> @@ -35,7 +36,7 @@ int main(int argc, char **argv) ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd); if (ret < 0) { - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]); + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno)); exit(3); } diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c index 63029c19..c6481f4b 100644 --- a/libselinux/utils/compute_create.c +++ b/libselinux/utils/compute_create.c @@ -2,6 +2,7 @@ #include <sys/types.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <errno.h> #include <selinux/selinux.h> @@ -35,8 +36,8 @@ int main(int argc, char **argv) ret = security_compute_create(argv[1], argv[2], tclass, &buf); if (ret < 0) { - fprintf(stderr, "%s: security_compute_create failed\n", - argv[0]); + fprintf(stderr, "%s: security_compute_create failed: %s\n", + argv[0], strerror(errno)); exit(3); } diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c index 1ef47c25..9fe790ee 100644 --- a/libselinux/utils/compute_member.c +++ b/libselinux/utils/compute_member.c @@ -2,6 +2,7 @@ #include <sys/types.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <errno.h> #include <selinux/selinux.h> @@ -35,8 +36,8 @@ int main(int argc, char **argv) ret = security_compute_member(argv[1], argv[2], tclass, &buf); if (ret < 0) { - fprintf(stderr, "%s: security_compute_member failed\n", - argv[0]); + fprintf(stderr, "%s: security_compute_member failed: %s\n", + argv[0], strerror(errno)); exit(3); } diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c index f6a957da..bdd39d0f 100644 --- a/libselinux/utils/compute_relabel.c +++ b/libselinux/utils/compute_relabel.c @@ -2,6 +2,7 @@ #include <sys/types.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <errno.h> #include <selinux/selinux.h> @@ -35,8 +36,8 @@ int main(int argc, char **argv) ret = security_compute_relabel(argv[1], argv[2], tclass, &buf); if (ret < 0) { - fprintf(stderr, "%s: security_compute_relabel failed\n", - argv[0]); + fprintf(stderr, "%s: security_compute_relabel failed: %s\n", + argv[0], strerror(errno)); exit(3); } diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c index 0bb28469..92f6a793 100644 --- a/libselinux/utils/getconlist.c +++ b/libselinux/utils/getconlist.c @@ -55,7 +55,7 @@ int main(int argc, char **argv) /* If a context wasn't passed, use the current context. */ if (((argc - optind) < 2)) { if (getcon(&cur_context) < 0) { - fprintf(stderr, "Couldn't get current context.\n"); + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); free(level); return 2; } diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c index 590e98d9..93102e5e 100644 --- a/libselinux/utils/getdefaultcon.c +++ b/libselinux/utils/getdefaultcon.c @@ -62,7 +62,7 @@ int main(int argc, char **argv) /* If a context wasn't passed, use the current context. */ if (((argc - optind) < 2)) { if (getcon(&cur_context) < 0) { - fprintf(stderr, "Couldn't get current context.\n"); + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno)); return 2; } } else diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c index e5d19c54..aeeb79a8 100644 --- a/libselinux/utils/getenforce.c +++ b/libselinux/utils/getenforce.c @@ -1,6 +1,8 @@ #include <unistd.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <errno.h> #include <selinux/selinux.h> int main(int argc __attribute__ ((unused)), @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)), if (rc == 1) { rc = security_getenforce(); if (rc < 0) { - fputs("getenforce: getenforce() failed", stderr); + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno)); return 2; } diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c index 6266ae16..b823a1a1 100644 --- a/libselinux/utils/getfilecon.c +++ b/libselinux/utils/getfilecon.c @@ -1,6 +1,8 @@ #include <unistd.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <errno.h> #include <selinux/selinux.h> int main(int argc, char **argv) @@ -16,8 +18,8 @@ int main(int argc, char **argv) for (i = 1; i < argc; i++) { rc = getfilecon(argv[i], &buf); if (rc < 0) { - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0], - argv[i]); + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0], + argv[i], strerror(errno)); exit(2); } printf("%s\t%s\n", argv[i], buf); diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c index ea6c274e..1a88fa6d 100644 --- a/libselinux/utils/getpidcon.c +++ b/libselinux/utils/getpidcon.c @@ -1,6 +1,8 @@ #include <unistd.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <errno.h> #include <selinux/selinux.h> int main(int argc, char **argv) @@ -21,7 +23,7 @@ int main(int argc, char **argv) rc = getpidcon(pid, &buf); if (rc < 0) { - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]); + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno)); exit(3); } diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c index dd56f2c7..5230bcaf 100644 --- a/libselinux/utils/policyvers.c +++ b/libselinux/utils/policyvers.c @@ -1,6 +1,8 @@ #include <unistd.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <errno.h> #include <selinux/selinux.h> int main(int argc __attribute__ ((unused)), char **argv) @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv) rc = security_policyvers(); if (rc < 0) { - fprintf(stderr, "%s: policyvers() failed\n", argv[0]); + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno)); exit(2); } diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c index 49408a0b..6a8313a2 100644 --- a/libselinux/utils/selabel_digest.c +++ b/libselinux/utils/selabel_digest.c @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest) fp = popen(cmd, "r"); if (!fp) { - printf("Failed to run command line\n"); + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno)); return -1; } diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c index e28833d2..c4e0f836 100644 --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c @@ -77,7 +77,8 @@ int main(int argc, char **argv) hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); if (!hnd) { fprintf(stderr, "ERROR: selabel_open - Could not obtain " - "handle.\n"); + "handle: %s\n", + strerror(errno)); return -1; } diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c index 1aef64de..112ffda1 100644 --- a/libselinux/utils/selabel_lookup.c +++ b/libselinux/utils/selabel_lookup.c @@ -91,7 +91,8 @@ int main(int argc, char **argv) hnd = selabel_open(backend, selabel_option, 2); if (!hnd) { fprintf(stderr, "ERROR: selabel_open - Could not obtain " - "handle.\n"); + "handle: %s\n", + strerror(errno)); return -1; } diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c index 2cddc6cd..a4af0679 100644 --- a/libselinux/utils/selabel_lookup_best_match.c +++ b/libselinux/utils/selabel_lookup_best_match.c @@ -117,7 +117,8 @@ int main(int argc, char **argv) hnd = selabel_open(SELABEL_CTX_FILE, options, 2); if (!hnd) { fprintf(stderr, "ERROR: selabel_open - Could not obtain " - "handle.\n"); + "handle: %s\n", + strerror(errno)); rc = -1; goto out; } diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c index c5932cb1..7bbd5777 100644 --- a/libselinux/utils/selabel_partial_match.c +++ b/libselinux/utils/selabel_partial_match.c @@ -61,7 +61,8 @@ int main(int argc, char **argv) hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2); if (!hnd) { fprintf(stderr, "ERROR: selabel_open - Could not obtain " - "handle.\n"); + "handle: %s\n", + strerror(errno)); return -1; } diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c index 60a20a4b..67c13dca 100644 --- a/libselinux/utils/setenforce.c +++ b/libselinux/utils/setenforce.c @@ -4,6 +4,7 @@ #include <ctype.h> #include <string.h> #include <strings.h> +#include <errno.h> #include <selinux/selinux.h> static __attribute__ ((__noreturn__)) void usage(const char *progname) @@ -35,7 +36,7 @@ int main(int argc, char **argv) usage(argv[0]); } if (rc < 0) { - fprintf(stderr, "%s: setenforce() failed\n", argv[0]); + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno)); return 2; } return 0; diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c index 79af55de..a3fbc3ed 100644 --- a/libselinux/utils/setfilecon.c +++ b/libselinux/utils/setfilecon.c @@ -1,6 +1,8 @@ #include <unistd.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <errno.h> #include <selinux/selinux.h> int main(int argc, char **argv) @@ -15,8 +17,8 @@ int main(int argc, char **argv) for (i = 2; i < argc; i++) { rc = setfilecon(argv[i], argv[1]); if (rc < 0) { - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n", - argv[0], argv[i], argv[1]); + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n", + argv[0], argv[i], argv[1], strerror(errno)); exit(2); } }
Print error description on failure after functions known to set errno. Also mention the library function name in getenforce, policyvers and setenforce instead of the program name twice. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libselinux/utils/compute_av.c | 3 ++- libselinux/utils/compute_create.c | 5 +++-- libselinux/utils/compute_member.c | 5 +++-- libselinux/utils/compute_relabel.c | 5 +++-- libselinux/utils/getconlist.c | 2 +- libselinux/utils/getdefaultcon.c | 2 +- libselinux/utils/getenforce.c | 4 +++- libselinux/utils/getfilecon.c | 6 ++++-- libselinux/utils/getpidcon.c | 4 +++- libselinux/utils/policyvers.c | 4 +++- libselinux/utils/selabel_digest.c | 2 +- libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++- libselinux/utils/selabel_lookup.c | 3 ++- libselinux/utils/selabel_lookup_best_match.c | 3 ++- libselinux/utils/selabel_partial_match.c | 3 ++- libselinux/utils/setenforce.c | 3 ++- libselinux/utils/setfilecon.c | 6 ++++-- 17 files changed, 41 insertions(+), 22 deletions(-)