selinux

mirror of https://github.com/SELinuxProject/selinux synced 2025-01-06 21:49:55 +00:00

History

Laszlo Ersek 0b691d1afe selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS Currently, if the SELINUX_RESTORECON_ABORT_ON_ERROR flag is clear, then selinux_restorecon[_parallel]() does not abort the file tree walk upon an error, but the function itself fails the same, with the same (-1) return value. This in turn is reported by the setfiles(8) utility to its parent process with the same exit code (255). In libguestfs we want to proceed after setfiles(8) fails at most with such errors that occur during the file tree walk. We need setfiles(8) to exit with a distinct exit status in that situation. For this, introduce the SELINUX_RESTORECON_COUNT_ERRORS flag, and the corresponding selinux_restorecon_get_skipped_errors() function, for selinux_restorecon[_parallel]() to count, but otherwise ignore, errors during the file tree walk. When no other kind of error occurs, the relabeling functions will return zero, and the caller can fetch the number of errors ignored during the file tree walk with selinux_restorecon_get_skipped_errors(). Importantly, when at least one such error is skipped, we don't write partial match digests for subdirectories, as any masked error means that any subdirectory may not have been completely relabeled. Cc: "Richard W.M. Jones" <rjones@redhat.com> Cc: Petr Lautrbach <plautrba@redhat.com> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 Signed-off-by: Laszlo Ersek <lersek@redhat.com>	2022-05-04 10:31:42 +02:00
..
selinux	selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS	2022-05-04 10:31:42 +02:00
Makefile	libselinux: build: follow standard semantics for DESTDIR and PREFIX	2018-02-14 15:59:36 +01:00

Laszlo Ersek 0b691d1afe selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS

Currently, if the SELINUX_RESTORECON_ABORT_ON_ERROR flag is clear, then
selinux_restorecon[_parallel]() does not abort the file tree walk upon an
error, but the function itself fails the same, with the same (-1) return
value. This in turn is reported by the setfiles(8) utility to its parent
process with the same exit code (255).

In libguestfs we want to proceed after setfiles(8) fails *at most* with
such errors that occur during the file tree walk. We need setfiles(8) to
exit with a distinct exit status in that situation.

For this, introduce the SELINUX_RESTORECON_COUNT_ERRORS flag, and the
corresponding selinux_restorecon_get_skipped_errors() function, for
selinux_restorecon[_parallel]() to count, but otherwise ignore, errors
during the file tree walk. When no other kind of error occurs, the
relabeling functions will return zero, and the caller can fetch the number
of errors ignored during the file tree walk with
selinux_restorecon_get_skipped_errors().

Importantly, when at least one such error is skipped, we don't write
partial match digests for subdirectories, as any masked error means that
any subdirectory may not have been completely relabeled.

Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>

2022-05-04 10:31:42 +02:00

selinux

selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS

2022-05-04 10:31:42 +02:00

Makefile

libselinux: build: follow standard semantics for DESTDIR and PREFIX

2018-02-14 15:59:36 +01:00