libselinux: log no default label warning in verbose mode

Message ID	CAB9W1A1s20MMUyA5cgJteNA+r4V1Wo1VvWvaDj5M-ZSyR=o-8Q@mail.gmail.com (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> IronPort-PHdr: =?us-ascii?q?9a23=3AhhcpxxzCyCH0VkrXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?2+sRIJqq85mqBkHD//Il1AaPBtSKra4ewLOO6ujJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMgDexe7x/IAu5oQnMqsUanJZpJ7osxBfOvnZGYf?= =?us-ascii?q?ldy3lyJVKUkRb858Ow84Bm/i9Npf8v9NNOXLvjcaggQrNWEDopM2Yu5M32rhbD?= =?us-ascii?q?VheA5mEdUmoNjBVFBRXO4QzgUZfwtiv6sfd92DWfMMbrQ704RSiu4qF2QxDmki?= =?us-ascii?q?cHMyMy/n/RhMJ+kalXpAutqwFjz4LRZoyeKfhwcb7Hfd4CWGROUcReVyJBDI2y?= =?us-ascii?q?bIUBEfYOMP1CoIXhvVYDtweyCRWuCe7p1zRGhmX23ao/0+k5DA/GwBIvH8oOsH?= =?us-ascii?q?vKqtX+KbocUeWvw6nMyTXMcfNX0ir65YjTbhAuv+mMXbJufsrX00UvDAbFgU+U?= =?us-ascii?q?qYzhITyU1v8As2ee7+V6VOKvj3QrpB12ojiq38ohjJTCiIENyl3c6yl13Yk4Kc?= =?us-ascii?q?emREN0e9KoDpRduzuVOoZ5Ws8uXX1ktSIgxrAFuZO3ZjYGxIkoyhLFavGKcY6F?= =?us-ascii?q?6Q/5WumLOzd3nndldaq/hxms9UigzfXxWceq3VhTqCRInMfBuGoR2hDP68WLUO?= =?us-ascii?q?Vy8Vmk2TaU2ADf8ORELlo1larfMZIhx78wlp4LvUTCGC/5hln2gbeIekk59eWk?= =?us-ascii?q?8frrb7r8qpOCOIJ4kA7zP6s2lsy6G+s4MwwOX2aB+eS70b3u5Vb5QKlUgf0ukq?= =?us-ascii?q?nWrpbaKd4Apq68GQBV1oIj5Ai/Djq939QYmGMILFNBeB6dk4fpPFTOLOjiDfij?= =?us-ascii?q?m1SsjCtrx/feM736HJrNKnnDkLH8fbdy8ENc1Aoywsxf55JTEL0BJunzVVXruN?= =?us-ascii?q?zXCR85LV/8/+GyI9Vn15gCWGuJNYAHLL/Jul+FrrYkLPuLYoIOkDn6LPch6vvn?= =?us-ascii?q?jHt/klgYK/qHx5wSPUukE+xmLkPRWn/lhtMMAC9epRYzVOznjhuZVDdXY3ujd6?= =?us-ascii?q?057zA/TomhCNGQFciWnLWd0XLjTdVtbWdcBwXJSC/l?= MIME-Version: 1.0 In-Reply-To: <20170911104141.2629-1-cgzones@googlemail.com> References: <20170911104141.2629-1-cgzones@googlemail.com> From: Stephen Smalley <stephen.smalley@gmail.com> Date: Tue, 12 Sep 2017 12:04:21 -0400 Message-ID: <CAB9W1A1s20MMUyA5cgJteNA+r4V1Wo1VvWvaDj5M-ZSyR=o-8Q@mail.gmail.com> To: =?UTF-8?Q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> Content-Type: multipart/alternative; boundary="94eb2c07e8404cc07005590032c2" Subject: Re: [PATCH] libselinux: log no default label warning in verbose mode Precedence: list Cc: selinux <selinux@tycho.nsa.gov> Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Message ID

CAB9W1A1s20MMUyA5cgJteNA+r4V1Wo1VvWvaDj5M-ZSyR=o-8Q@mail.gmail.com (mailing list archive)

State

Not Applicable

Headers

IronPort-PHdr: =?us-ascii?q?9a23=3AhhcpxxzCyCH0VkrXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?2+sRIJqq85mqBkHD//Il1AaPBtSKra4ewLOO6ujJYi8p2d65qncMcZhBBVcuqP?=
	=?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?=
	=?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMgDexe7x/IAu5oQnMqsUanJZpJ7osxBfOvnZGYf?=
	=?us-ascii?q?ldy3lyJVKUkRb858Ow84Bm/i9Npf8v9NNOXLvjcaggQrNWEDopM2Yu5M32rhbD?=
	=?us-ascii?q?VheA5mEdUmoNjBVFBRXO4QzgUZfwtiv6sfd92DWfMMbrQ704RSiu4qF2QxDmki?=
	=?us-ascii?q?cHMyMy/n/RhMJ+kalXpAutqwFjz4LRZoyeKfhwcb7Hfd4CWGROUcReVyJBDI2y?=
	=?us-ascii?q?bIUBEfYOMP1CoIXhvVYDtweyCRWuCe7p1zRGhmX23ao/0+k5DA/GwBIvH8oOsH?=
	=?us-ascii?q?vKqtX+KbocUeWvw6nMyTXMcfNX0ir65YjTbhAuv+mMXbJufsrX00UvDAbFgU+U?=
	=?us-ascii?q?qYzhITyU1v8As2ee7+V6VOKvj3QrpB12ojiq38ohjJTCiIENyl3c6yl13Yk4Kc?=
	=?us-ascii?q?emREN0e9KoDpRduzuVOoZ5Ws8uXX1ktSIgxrAFuZO3ZjYGxIkoyhLFavGKcY6F?=
	=?us-ascii?q?6Q/5WumLOzd3nndldaq/hxms9UigzfXxWceq3VhTqCRInMfBuGoR2hDP68WLUO?=
	=?us-ascii?q?Vy8Vmk2TaU2ADf8ORELlo1larfMZIhx78wlp4LvUTCGC/5hln2gbeIekk59eWk?=
	=?us-ascii?q?8frrb7r8qpOCOIJ4kA7zP6s2lsy6G+s4MwwOX2aB+eS70b3u5Vb5QKlUgf0ukq?=
	=?us-ascii?q?nWrpbaKd4Apq68GQBV1oIj5Ai/Djq939QYmGMILFNBeB6dk4fpPFTOLOjiDfij?=
	=?us-ascii?q?m1SsjCtrx/feM736HJrNKnnDkLH8fbdy8ENc1Aoywsxf55JTEL0BJunzVVXruN?=
	=?us-ascii?q?zXCR85LV/8/+GyI9Vn15gCWGuJNYAHLL/Jul+FrrYkLPuLYoIOkDn6LPch6vvn?=
	=?us-ascii?q?jHt/klgYK/qHx5wSPUukE+xmLkPRWn/lhtMMAC9epRYzVOznjhuZVDdXY3ujd6?=
	=?us-ascii?q?057zA/TomhCNGQFciWnLWd0XLjTdVtbWdcBwXJSC/l?=
MIME-Version: 1.0
In-Reply-To: <20170911104141.2629-1-cgzones@googlemail.com>
References: <20170911104141.2629-1-cgzones@googlemail.com>
From: Stephen Smalley <stephen.smalley@gmail.com>
Date: Tue, 12 Sep 2017 12:04:21 -0400
Message-ID: <CAB9W1A1s20MMUyA5cgJteNA+r4V1Wo1VvWvaDj5M-ZSyR=o-8Q@mail.gmail.com>
To: =?UTF-8?Q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
Content-Type: multipart/alternative; boundary="94eb2c07e8404cc07005590032c2"
Subject: Re: [PATCH] libselinux: log no default label warning in verbose mode
Precedence: list
Cc: selinux <selinux@tycho.nsa.gov>
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Commit Message

Stephen Smalley Sept. 12, 2017, 4:04 p.m. UTC

On Sep 11, 2017 3:45 AM, "Christian Göttsche via Selinux" <
selinux@tycho.nsa.gov> wrote:

Since 1cd972f restorecon does not print a warning in recurse mode for child
files without a default label.
Change it back in verbose mode:

$ touch /run/test.pid
$ restorecon -R /run
$ restorecon -v -R /run
Warning no default label for /run/test.pid


This seems to revert what was an intentional change to avoid noise in
fixfiles check output. See the mailing list discussions that preceded and
followed the patch.


Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/selinux_restorecon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

                                    "Warning no default label for %s\n",
                                    lookup_path);
--
2.14.1

Comments

Christian Göttsche Sept. 12, 2017, 7:49 p.m. UTC | #1

> This seems to revert what was an intentional change to avoid noise in
> fixfiles check output. See the mailing list discussions that preceded and
> followed the patch.


In my opinion, it's a helpful noise, which is triggered by an intended
file context `<<none>>`.
Is there any hack to get the old behavior back other than `find /run
-exec restorecon -n {} \;`?

Stephen Smalley Sept. 12, 2017, 10:09 p.m. UTC | #2

On Sep 12, 2017 12:49 PM, "Christian Göttsche" <cgzones@googlemail.com>
wrote:

> This seems to revert what was an intentional change to avoid noise in
> fixfiles check output. See the mailing list discussions that preceded and
> followed the patch.

In my opinion, it's a helpful noise, which is triggered by an intended
file context `<<none>>`.
Is there any hack to get the old behavior back other than `find /run
-exec restorecon -n {} \;`?

Why is that helpful/useful? It seems counterintuitive to warn the user that
you didn't label a file that was explicitly configured to not be labeled.
The only case where it makes sense is if the user explicitly requested to
label that particular file.

diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_
restorecon.c
index ced41152..6d0eabe0 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -614,7 +614,7 @@  static int restorecon_sb(const char *pathname, const
struct stat *sb,
                                                    sb->st_mode);

        if (rc < 0) {
-               if (errno == ENOENT && flags->warnonnomatch)
+               if (errno == ENOENT && (flags->verbose ||
flags->warnonnomatch))
                        selinux_log(SELINUX_INFO,

libselinux: log no default label warning in verbose mode

Commit Message

Comments

Patch