
[ima-evm-utils,v4,03/17] Log and reset 'errno' on lsetxattr failure

Message ID 20221101201803.372652-4-zohar@linux.ibm.com (mailing list archive)

Commit Message

Mimi Zohar Nov. 1, 2022, 8:17 p.m. UTC
Writing either security.ima hashes or security.evm HMACs from userspace
will fail regardless of the IMA or EVM fix mode.  In fix mode, 'touch'
will force security.ima and security.evm to be updated.

Make the setxattr error messages more explicit and clear errno.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

Comments

Stefan Berger Nov. 2, 2022, 3:55 p.m. UTC | #1
On 11/1/22 16:17, Mimi Zohar wrote:
> Writing either security.ima hashes or security.evm hmacs from userspace
> will fail regardless of the IMA or EVM fix mode.  In fix mode, 'touch'
> will force security.ima and security.evm to be updated.
> 
> Make the setxattr error messages more explicit and clear errno.
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
>   src/evmctl.c | 13 ++++++++-----
>   1 file changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/src/evmctl.c b/src/evmctl.c
> index 54123bf20f03..b1dcd9b1c1ef 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> @@ -572,7 +572,7 @@ static int sign_evm(const char *file, const char *key)
>   	if (xattr) {
>   		err = lsetxattr(file, xattr_evm, sig, len, 0);
>   		if (err < 0) {
> -			log_err("setxattr failed: %s\n", file);
> +			log_errno_reset(LOG_ERR, "Set EVM xattr failed: %s", file);

Change 'Set' to 'Setting' (in other cases as well)?

>   			return err;
>   		}
>   	}
> @@ -615,7 +615,8 @@ static int hash_ima(const char *file)
>   	if (xattr) {
>   		err = lsetxattr(file, xattr_ima, hash, len, 0);
>   		if (err < 0) {
> -			log_err("setxattr failed: %s\n", file);
> +			log_errno_reset(LOG_ERR, "Set IMA hash xattr failed: %s",
> +					file);
>   			return err;
>   		}
>   	}
> @@ -652,7 +653,8 @@ static int sign_ima(const char *file, const char *key)
>   	if (xattr) {
>   		err = lsetxattr(file, xattr_ima, sig, len, 0);
>   		if (err < 0) {
> -			log_err("setxattr failed: %s\n", file);
> +			log_errno_reset(LOG_ERR, "Set IMA sig xattr failed: %s",
> +					file);
>   			return err;
>   		}
>   	}
> @@ -1125,7 +1127,7 @@ static int setxattr_ima(const char *file, char *sig_file)
>   
>   	err = lsetxattr(file, xattr_ima, sig, len, 0);
>   	if (err < 0)
> -		log_err("setxattr failed: %s\n", file);
> +		log_errno_reset(LOG_ERR, "Set IMA sig xattr failed: %s", file);
>   	free(sig);
>   	return err;
>   }
> @@ -1323,7 +1325,8 @@ static int hmac_evm(const char *file, const char *key)
>   		sig[0] = EVM_XATTR_HMAC;
>   		err = lsetxattr(file, xattr_evm, sig, len + 1, 0);
>   		if (err < 0) {
> -			log_err("setxattr failed: %s\n", file);
> +			log_errno_reset(LOG_ERR, "Set EVM hmac xattr failed: %s",
> +					file);
>   			return err;
>   		}
>   	}


Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

diff --git a/src/evmctl.c b/src/evmctl.c
index 54123bf20f03..b1dcd9b1c1ef 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -572,7 +572,7 @@  static int sign_evm(const char *file, const char *key)
 	if (xattr) {
 		err = lsetxattr(file, xattr_evm, sig, len, 0);
 		if (err < 0) {
-			log_err("setxattr failed: %s\n", file);
+			log_errno_reset(LOG_ERR, "Set EVM xattr failed: %s", file);
 			return err;
 		}
 	}
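Review bot: The new message in sign_evm names the xattr only generically, `Set EVM xattr failed`, while the sibling sites in this patch say `Set IMA sig xattr failed` and `Set EVM hmac xattr failed`; since this call writes a signature (the buffer is `sig`), `"Set EVM xattr failed: %s"` would read better as `"Set EVM sig xattr failed: %s"` so an operator can tell from the log which xattr type was refused. With errno now cleared after the call, the strerror text the helper presumably appends will be the only clue separating a permission refusal from a filesystem without xattr support, so the message should be as specific as the others. The body of sign_evm starts outside this hunk.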
@@ -615,7 +615,8 @@  static int hash_ima(const char *file)
 	if (xattr) {
 		err = lsetxattr(file, xattr_ima, hash, len, 0);
 		if (err < 0) {
-			log_err("setxattr failed: %s\n", file);
+			log_errno_reset(LOG_ERR, "Set IMA hash xattr failed: %s",
+					file);
 			return err;
 		}
 	}
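Review bot: Resetting errno inside the log helper means hash_ima's caller (outside this hunk) receives only `err == -1` with errno already 0, so it can no longer distinguish EPERM from ENOTSUP/EOPNOTSUPP on a filesystem that lacks xattr support, or from ENOSPC. If any caller branches on that — I cannot see them from here — preserve the value across the log call, e.g. `int saved_errno = errno; log_errno_reset(LOG_ERR, "Set IMA hash xattr failed: %s", file); errno = saved_errno;`, or add a comment at this return stating that the result is a bare failure flag and errno is intentionally cleared. The trailing `\n` the old log_err format carried is also gone, which is only correct if log_errno_reset appends its own newline after the errno text; worth confirming against its definition, which is not in this patch.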
@@ -652,7 +653,8 @@  static int sign_ima(const char *file, const char *key)
 	if (xattr) {
 		err = lsetxattr(file, xattr_ima, sig, len, 0);
 		if (err < 0) {
-			log_err("setxattr failed: %s\n", file);
+			log_errno_reset(LOG_ERR, "Set IMA sig xattr failed: %s",
+					file);
 			return err;
 		}
 	}
@@ -1125,7 +1127,7 @@  static int setxattr_ima(const char *file, char *sig_file)
 
 	err = lsetxattr(file, xattr_ima, sig, len, 0);
 	if (err < 0)
-		log_err("setxattr failed: %s\n", file);
+		log_errno_reset(LOG_ERR, "Set IMA sig xattr failed: %s", file);
 	free(sig);
 	return err;
 }
@@ -1323,7 +1325,8 @@  static int hmac_evm(const char *file, const char *key)
 		sig[0] = EVM_XATTR_HMAC;
 		err = lsetxattr(file, xattr_evm, sig, len + 1, 0);
 		if (err < 0) {
-			log_err("setxattr failed: %s\n", file);
+			log_errno_reset(LOG_ERR, "Set EVM hmac xattr failed: %s",
+					file);
 			return err;
 		}
 	}