libsepol/cil: restore error on context rule conflicts
Commit bc26ddc59c
("libsepol/cil: Limit the amount of reporting for context rule conflicts") reworked the processing of context rule conflicts to limit the number of written conflicting statements to increase readability of the printed error message. It forgot to set the return value, signaling a context conflict, in the case the logging level is higher than warning (e.g. in semodule(8), which defaults to error). Reported-by: Milos Malik <mmalik@redhat.com> [1] Fixes: bc26ddc59c
("libsepol/cil: Limit the amount of reporting for context rule conflicts") [1]: https://lore.kernel.org/selinux/87y1u1rkoo.fsf@redhat.com/ Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
parent
fa5b0504d8
commit
3f11c7d19c
|
@ -2290,6 +2290,7 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
|
|||
} else {
|
||||
removed++;
|
||||
if (!db->multiple_decls || concompar(&sort->array[i], &sort->array[j]) != 0) {
|
||||
rc = SEPOL_ERR;
|
||||
conflicting++;
|
||||
if (log_level >= CIL_WARN) {
|
||||
struct cil_list_item li;
|
||||
|
@ -2297,7 +2298,6 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
|
|||
li.flavor = flavor;
|
||||
if (conflicting == 1) {
|
||||
cil_log(CIL_WARN, "Found conflicting %s rules\n", flavor_str);
|
||||
rc = SEPOL_ERR;
|
||||
li.data = sort->array[i];
|
||||
rc2 = cil_tree_walk(db->ast->root, __cil_post_report_conflict,
|
||||
NULL, NULL, &li);
|
||||
|
|
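Review bot: The `rc = SEPOL_ERR;` now placed directly under the `concompar` check carries no comment saying that the failure must not depend on `log_level`, which is the coupling behind the regression the commit message describes. I would add `/* A conflict always fails processing; only the reporting below is gated on log_level. */` above it, so a later rework of the `if (log_level >= CIL_WARN)` block does not move the assignment back inside. The page shows no test change; a regression test that processes two conflicting context rules with the log level at CIL_ERR and expects SEPOL_ERR would pin the fail-closed behaviour, since otherwise the duplicate appears to be only counted via `removed++` and the policy is accepted without any message. How `rc2` from `cil_tree_walk` is folded into the result lies outside the hunk, as does the rest of `__cil_post_process_context_rules`.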