RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-18 12:14:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsemanage: Mute error messages from selinux_restorecon

Browse Source 
Mute error messages produced by selinux_restorecon when rebuilding the
policy store to avoid error messages in containers, image mode, etc.

Fixes:
 #podman build --security-opt=label=disable --cap-add=all --device /dev/fuse -t quay.io/jlebon/fedora-bootc:tier-x . --build-arg MANIFEST=fedora-tier-x.yaml --from quay.io/fedora/fedora:rawhide
...
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas/lang_ext:  Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas:  Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/cil:  Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/hll:  Operation not supported
...

https://bugzilla.redhat.com/show_bug.cgi?id=2326348

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Vit Mojzis 2024-12-12 19:44:25 +01:00 committed by James Carter
parent 6c8f6390bc
commit 53078bb508
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libsemanage/src/semanage_store.c
View File

@ -3000,15 +3000,29 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
return 0;
}
/* log_callback muting all logs */
static int __attribute__ ((format(printf, 2, 3)))
log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) const char *fmt, ...)
{
return 0;
}
/* Make sure the file context and ownership of files in the policy
* store does not change */
void semanage_setfiles(semanage_handle_t * sh, const char *path){
struct stat sb;
int fd;
union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
union selinux_callback cb = { .func_log = log_callback_mute };
/* Mute all logs */
selinux_set_callback(SELINUX_CB_LOG, cb);
/* Fix the user and role portions of the context, ignore errors
* since this is not a critical operation */
selinux_restorecon(path, SELINUX_RESTORECON_SET_SPECFILE_CTX | SELINUX_RESTORECON_IGNORE_NOENTRY);
/* restore log_logging */
selinux_set_callback(SELINUX_CB_LOG, cb_orig);
/* Make sure "path" is owned by root */
if ((geteuid() != 0 || getegid() != 0) &&
((fd = open(path, O_RDONLY | O_CLOEXEC)) != -1)){