Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> --- src/security/security_apparmor.c | 37 +++++----- src/security/security_dac.c | 28 ++++---- src/security/security_driver.c | 4 +- src/security/security_manager.c | 6 +- src/security/security_selinux.c | 114 ++++++++++++++----------------- src/security/security_util.c | 16 ++--- src/security/virt-aa-helper.c | 10 +-- 7 files changed, 97 insertions(+), 118 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index b63b248975..e619919604 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -85,8 +85,8 @@ profile_status(const char *str, const int check_enforcing) if (virFileReadAll(APPARMOR_PROFILES_PATH, MAX_FILE_LEN, &content) < 0) { virReportSystemError(errno, - _("Failed to read AppArmor profiles list " - "\'%s\'"), APPARMOR_PROFILES_PATH); + _("Failed to read AppArmor profiles list \'%1$s\'"), + APPARMOR_PROFILES_PATH); return -2; } @@ -128,7 +128,7 @@ profile_status_file(const char *str) if ((len = virFileReadAll(profile, MAX_FILE_LEN, &content)) < 0) { virReportSystemError(errno, - _("Failed to read \'%s\'"), profile); + _("Failed to read \'%1$s\'"), profile); goto failed; } @@ -265,8 +265,7 @@ reload_profile(virSecurityManager *mgr, if (profile_loaded(secdef->imagelabel) >= 0) { if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot update AppArmor profile " - "\'%s\'"), + _("cannot update AppArmor profile \'%1$s\'"), secdef->imagelabel); return -1; } @@ -327,12 +326,12 @@ AppArmorSecurityManagerProbe(const char *virtDriver G_GNUC_UNUSED) if (!virFileExists(template_qemu)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("template \'%s\' does not exist"), template_qemu); + _("template \'%1$s\' does not exist"), template_qemu); return SECURITY_DRIVER_DISABLE; } if (!virFileExists(template_lxc)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("template \'%s\' does not exist"), template_lxc); + _("template \'%1$s\' does not exist"), template_lxc); return SECURITY_DRIVER_DISABLE; } @@ -414,8 +413,8 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED, /* Now that we have a label, load the profile into the kernel. */ if (load_profile(mgr, secdef->label, def, NULL, false) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot load AppArmor profile " - "\'%s\'"), secdef->label); + _("cannot load AppArmor profile \'%1$s\'"), + secdef->label); goto err; } @@ -518,7 +517,7 @@ AppArmorRestoreSecurityAllLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { if ((rc = remove_profile(secdef->label)) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("could not remove profile for \'%s\'"), + _("could not remove profile for \'%1$s\'"), secdef->label); } } @@ -544,9 +543,7 @@ AppArmorSetSecurityProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "\'%s\' model configured for domain, but " - "hypervisor driver is \'%s\'."), + _("security label driver mismatch: \'%1$s\' model configured for domain, but hypervisor driver is \'%2$s\'."), secdef->model, SECURITY_APPARMOR_NAME); if (use_apparmor() > 0) return -1; @@ -582,9 +579,7 @@ AppArmorSetSecurityChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "\'%s\' model configured for domain, but " - "hypervisor driver is \'%s\'."), + _("security label driver mismatch: \'%1$s\' model configured for domain, but hypervisor driver is \'%2$s\'."), secdef->model, SECURITY_APPARMOR_NAME); if (use_apparmor() > 0) return -1; @@ -647,7 +642,7 @@ AppArmorSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: if (!virFileExists(mem->nvdimmPath)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("%s: \'%s\' does not exist"), + _("%1$s: \'%2$s\' does not exist"), __func__, mem->nvdimmPath); return -1; } @@ -686,13 +681,13 @@ AppArmorSetInputLabel(virSecurityManager *mgr, case VIR_DOMAIN_INPUT_TYPE_EVDEV: if (input->source.evdev == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("%s: passthrough input device has no source"), + _("%1$s: passthrough input device has no source"), __func__); return -1; } if (!virFileExists(input->source.evdev)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("%s: \'%s\' does not exist"), + _("%1$s: \'%2$s\' does not exist"), __func__, input->source.evdev); return -1; } @@ -744,7 +739,7 @@ AppArmorSetSecurityImageLabelInternal(virSecurityManager *mgr, /* if the device doesn't exist, error out */ if (!virFileExists(path)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("\'%s\' does not exist"), + _("\'%1$s\' does not exist"), path); return -1; } @@ -789,7 +784,7 @@ AppArmorSecurityVerify(virSecurityManager *mgr G_GNUC_UNUSED, if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) { if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) { virReportError(VIR_ERR_XML_ERROR, - _("Invalid security label \'%s\'"), + _("Invalid security label \'%1$s\'"), secdef->label); return -1; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 9be8f458d1..1c1d6f0cff 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -689,7 +689,7 @@ virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv, return 0; if (stat(path, &sb) < 0) { - virReportSystemError(errno, _("unable to stat: %s"), path); + virReportSystemError(errno, _("unable to stat: %1$s"), path); return -1; } @@ -721,8 +721,7 @@ virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv, (long)uid, (long)gid, NULLSTR(path)); } else { virReportSystemError(errno, - _("unable to set user and group to '%ld:%ld' " - "on '%s'"), + _("unable to set user and group to '%1$ld:%2$ld' on '%3$s'"), (long)uid, (long)gid, NULLSTR(path)); return -1; } @@ -760,7 +759,7 @@ virSecurityDACSetOwnership(virSecurityManager *mgr, if (remember && path) { if (stat(path, &sb) < 0) { - virReportSystemError(errno, _("unable to stat: %s"), path); + virReportSystemError(errno, _("unable to stat: %1$s"), path); return -1; } @@ -778,8 +777,8 @@ virSecurityDACSetOwnership(virSecurityManager *mgr, * XATTRs so decrease it. */ if (sb.st_uid != uid || sb.st_gid != gid) { virReportError(VIR_ERR_OPERATION_INVALID, - _("Setting different DAC user or group on %s " - "which is already in use"), path); + _("Setting different DAC user or group on %1$s which is already in use"), + path); goto error; } } @@ -2323,8 +2322,7 @@ virSecurityDACGenLabel(virSecurityManager *mgr, if (seclabel->model && STRNEQ(seclabel->model, SECURITY_DAC_NAME)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label model %s is not supported " - "with selinux"), + _("security label model %1$s is not supported with selinux"), seclabel->model); return rc; } @@ -2333,8 +2331,8 @@ virSecurityDACGenLabel(virSecurityManager *mgr, case VIR_DOMAIN_SECLABEL_STATIC: if (seclabel->label == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("missing label for static security " - "driver in domain %s"), def->name); + _("missing label for static security driver in domain %1$s"), + def->name); return rc; } break; @@ -2343,8 +2341,8 @@ virSecurityDACGenLabel(virSecurityManager *mgr, (unsigned int)priv->group); if (seclabel->label == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot generate dac user and group id " - "for domain %s"), def->name); + _("cannot generate dac user and group id for domain %1$s"), + def->name); return rc; } break; @@ -2354,7 +2352,7 @@ virSecurityDACGenLabel(virSecurityManager *mgr, case VIR_DOMAIN_SECLABEL_DEFAULT: case VIR_DOMAIN_SECLABEL_LAST: virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected security label type '%s'"), + _("unexpected security label type '%1$s'"), virDomainSeclabelTypeToString(seclabel->type)); return rc; } @@ -2394,7 +2392,7 @@ virSecurityDACGetProcessLabelInternal(pid_t pid, if (g_lstat(path, &sb) < 0) { virReportSystemError(errno, - _("unable to get uid and gid for PID %d via procfs"), + _("unable to get uid and gid for PID %1$d via procfs"), pid); return -1; } @@ -2419,7 +2417,7 @@ virSecurityDACGetProcessLabelInternal(pid_t pid, if (sysctl(mib, 4, &p, &len, NULL, 0) < 0) { virReportSystemError(errno, - _("unable to get PID %d uid and gid via sysctl"), + _("unable to get PID %1$d uid and gid via sysctl"), pid); return -1; } diff --git a/src/security/security_driver.c b/src/security/security_driver.c index b663b53244..ae11f595eb 100644 --- a/src/security/security_driver.c +++ b/src/security/security_driver.c @@ -70,7 +70,7 @@ virSecurityDriver *virSecurityDriverLookup(const char *name, VIR_DEBUG("Not enabled name=%s", tmp->name); if (name && STREQ(tmp->name, name)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Security driver %s not enabled"), + _("Security driver %1$s not enabled"), name); return NULL; } @@ -84,7 +84,7 @@ virSecurityDriver *virSecurityDriverLookup(const char *name, if (!drv) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Security driver %s not found"), + _("Security driver %1$s not found"), NULLSTR(name)); return NULL; } diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 2f8e89cb04..5846d499d9 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -728,7 +728,7 @@ static int virSecurityManagerCheckModel(virSecurityManager *mgr, } virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Security driver model '%s' is not available"), + _("Security driver model '%1$s' is not available"), secmodel); cleanup: VIR_FREE(sec_managers); @@ -1354,7 +1354,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED, } virReportSystemError(errno, - _("unable to open %s"), + _("unable to open %1$s"), p); goto cleanup; } @@ -1369,7 +1369,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED, continue; } else { virReportSystemError(errno, - _("unable to lock %s for metadata change"), + _("unable to lock %1$s for metadata change"), p); VIR_FORCE_CLOSE(fd); goto cleanup; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index e43962435f..19d30c1039 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -361,7 +361,7 @@ virSecuritySELinuxMCSFind(virSecurityManager *mgr, if (catRange < 8) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Category range c%d-c%d too small"), + _("Category range c%1$d-c%2$d too small"), catMin, catMax); return NULL; } @@ -438,7 +438,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, } if (!(ourContext = context_new(ourSecContext))) { virReportSystemError(errno, - _("Unable to parse current SELinux context '%s'"), + _("Unable to parse current SELinux context '%1$s'"), ourSecContext); goto cleanup; } @@ -470,14 +470,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, tmp = cat; if (tmp[0] != 'c') { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse category in %s"), + _("Cannot parse category in %1$s"), cat); goto cleanup; } tmp++; if (virStrToLong_i(tmp, &tmp, 10, catMin) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse category in %s"), + _("Cannot parse category in %1$s"), cat); goto cleanup; } @@ -493,21 +493,21 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, /* Find & extract category max (if any) */ if (tmp[0] != '.') { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse category in %s"), + _("Cannot parse category in %1$s"), cat); goto cleanup; } tmp++; if (tmp[0] != 'c') { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse category in %s"), + _("Cannot parse category in %1$s"), cat); goto cleanup; } tmp++; if (virStrToLong_i(tmp, &tmp, 10, catMax) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse category in %s"), + _("Cannot parse category in %1$s"), cat); goto cleanup; } @@ -542,7 +542,7 @@ virSecuritySELinuxContextAddRange(char *src, if (context_range_set(dstcon, context_range_get(srccon)) == -1) { virReportSystemError(errno, - _("unable to set security context range '%s'"), dst); + _("unable to set security context range '%1$s'"), dst); goto cleanup; } @@ -581,7 +581,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext, } if (!(ourContext = context_new(ourSecContext))) { virReportSystemError(errno, - _("Unable to parse current SELinux context '%s'"), + _("Unable to parse current SELinux context '%1$s'"), ourSecContext); goto cleanup; } @@ -589,7 +589,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext, if (!(context = context_new(basecontext))) { virReportSystemError(errno, - _("Unable to parse base SELinux context '%s'"), + _("Unable to parse base SELinux context '%1$s'"), basecontext); goto cleanup; } @@ -597,7 +597,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext, if (context_user_set(context, context_user_get(ourContext)) != 0) { virReportSystemError(errno, - _("Unable to set SELinux context user '%s'"), + _("Unable to set SELinux context user '%1$s'"), context_user_get(ourContext)); goto cleanup; } @@ -606,14 +606,14 @@ virSecuritySELinuxGenNewContext(const char *basecontext, context_role_set(context, context_role_get(ourContext)) != 0) { virReportSystemError(errno, - _("Unable to set SELinux context role '%s'"), + _("Unable to set SELinux context role '%1$s'"), context_role_get(ourContext)); goto cleanup; } if (context_range_set(context, mcs) != 0) { virReportSystemError(errno, - _("Unable to set SELinux context MCS '%s'"), + _("Unable to set SELinux context MCS '%1$s'"), mcs); goto cleanup; } @@ -655,7 +655,7 @@ virSecuritySELinuxLXCInitialize(virSecurityManager *mgr) if (!data->domain_context) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("missing 'process' value in selinux lxc contexts file '%s'"), + _("missing 'process' value in selinux lxc contexts file '%1$s'"), selinux_lxc_contexts_path()); goto error; } @@ -665,7 +665,7 @@ virSecuritySELinuxLXCInitialize(virSecurityManager *mgr) if (!data->file_context) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("missing 'file' value in selinux lxc contexts file '%s'"), + _("missing 'file' value in selinux lxc contexts file '%1$s'"), selinux_lxc_contexts_path()); goto error; } @@ -675,7 +675,7 @@ virSecuritySELinuxLXCInitialize(virSecurityManager *mgr) if (!data->content_context) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("missing 'content' value in selinux lxc contexts file '%s'"), + _("missing 'content' value in selinux lxc contexts file '%1$s'"), selinux_lxc_contexts_path()); goto error; } @@ -711,7 +711,7 @@ virSecuritySELinuxQEMUInitialize(virSecurityManager *mgr) if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) { virReportSystemError(errno, - _("cannot read SELinux virtual domain context file '%s'"), + _("cannot read SELinux virtual domain context file '%1$s'"), selinux_virtual_domain_context_path()); goto error; } @@ -733,7 +733,7 @@ virSecuritySELinuxQEMUInitialize(virSecurityManager *mgr) if (virFileReadAll(selinux_virtual_image_context_path(), 2*MAX_CONTEXT, &(data->file_context)) < 0) { virReportSystemError(errno, - _("cannot read SELinux virtual image context file %s"), + _("cannot read SELinux virtual image context file %1$s"), selinux_virtual_image_context_path()); goto error; } @@ -822,7 +822,7 @@ virSecuritySELinuxGenLabel(virSecurityManager *mgr, if (seclabel->model && STRNEQ(seclabel->model, SECURITY_SELINUX_NAME)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label model %s is not supported with selinux"), + _("security label model %1$s is not supported with selinux"), seclabel->model); return rc; } @@ -833,7 +833,7 @@ virSecuritySELinuxGenLabel(virSecurityManager *mgr, case VIR_DOMAIN_SECLABEL_STATIC: if (!(ctx = context_new(seclabel->label))) { virReportSystemError(errno, - _("unable to allocate socket security context '%s'"), + _("unable to allocate socket security context '%1$s'"), seclabel->label); return rc; } @@ -899,7 +899,7 @@ virSecuritySELinuxGenLabel(virSecurityManager *mgr, case VIR_DOMAIN_SECLABEL_LAST: default: virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected security label type '%s'"), + _("unexpected security label type '%1$s'"), virDomainSeclabelTypeToString(seclabel->type)); goto cleanup; } @@ -959,7 +959,7 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr, if (getpidcon_raw(pid, &pctx) == -1) { virReportSystemError(errno, - _("unable to get PID %d security context"), pid); + _("unable to get PID %1$d security context"), pid); return -1; } @@ -976,7 +976,7 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr, if (rv == 1) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("MCS level for existing domain label %s already reserved"), + _("MCS level for existing domain label %1$s already reserved"), (char*)pctx); goto error; } @@ -1197,15 +1197,14 @@ virSecuritySELinuxGetProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (getpidcon_raw(pid, &ctx) == -1) { virReportSystemError(errno, - _("unable to get PID %d security context"), + _("unable to get PID %1$d security context"), pid); return -1; } if (virStrcpy(sec->label, ctx, VIR_SECURITY_LABEL_BUFLEN) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label exceeds " - "maximum length: %d"), + _("security label exceeds maximum length: %1$d"), VIR_SECURITY_LABEL_BUFLEN - 1); freecon(ctx); return -1; @@ -1267,8 +1266,7 @@ virSecuritySELinuxSetFileconImpl(const char *path, const char *msg; if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 1 && security_get_boolean_active("virt_use_nfs") != 1) { - msg = _("Setting security context '%s' on '%s' not supported. " - "Consider setting virt_use_nfs"); + msg = _("Setting security context '%1$s' on '%2$s' not supported. Consider setting virt_use_nfs"); if (security_getenforce() == 1) VIR_WARN(msg, tcon, path); else @@ -1286,7 +1284,7 @@ virSecuritySELinuxSetFileconImpl(const char *path, (security_getenforce() == 1 && (setfilecon_errno != EPERM || privileged))) { virReportSystemError(setfilecon_errno, - _("unable to set security context '%s' on '%s'"), + _("unable to set security context '%1$s' on '%2$s'"), tcon, path); return -1; } @@ -1323,7 +1321,7 @@ virSecuritySELinuxSetFilecon(virSecurityManager *mgr, if (getfilecon_raw(path, &econ) < 0 && errno != ENOTSUP && errno != ENODATA) { virReportSystemError(errno, - _("unable to get SELinux context of %s"), + _("unable to get SELinux context of %1$s"), path); goto cleanup; } @@ -1345,8 +1343,8 @@ virSecuritySELinuxSetFilecon(virSecurityManager *mgr, * incremented in XATTRs so decrease it. */ if (STRNEQ(econ, tcon)) { virReportError(VIR_ERR_OPERATION_INVALID, - _("Setting different SELinux label on %s " - "which is already in use"), path); + _("Setting different SELinux label on %1$s which is already in use"), + path); goto cleanup; } } @@ -1402,7 +1400,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon) */ if (fsetfilecon_errno != EOPNOTSUPP) { virReportSystemError(fsetfilecon_errno, - _("unable to set security context '%s' on fd %d"), + _("unable to set security context '%1$s' on fd %2$d"), tcon, fd); if (security_getenforce() == 1) return -1; @@ -2933,9 +2931,7 @@ virSecuritySELinuxVerify(virSecurityManager *mgr G_GNUC_UNUSED, if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "'%s' model configured for domain, but " - "hypervisor driver is '%s'."), + _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."), secdef->model, SECURITY_SELINUX_NAME); return -1; } @@ -2943,7 +2939,7 @@ virSecuritySELinuxVerify(virSecurityManager *mgr G_GNUC_UNUSED, if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) { if (security_check_context(secdef->label) != 0) { virReportError(VIR_ERR_XML_ERROR, - _("Invalid security label %s"), secdef->label); + _("Invalid security label %1$s"), secdef->label); return -1; } } @@ -2964,9 +2960,7 @@ virSecuritySELinuxSetProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, VIR_DEBUG("label=%s", secdef->label); if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "'%s' model configured for domain, but " - "hypervisor driver is '%s'."), + _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."), secdef->model, SECURITY_SELINUX_NAME); if (security_getenforce() == 1) return -1; @@ -2974,7 +2968,7 @@ virSecuritySELinuxSetProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (setexeccon_raw(secdef->label) == -1) { virReportSystemError(errno, - _("unable to set security context '%s'"), + _("unable to set security context '%1$s'"), secdef->label); if (security_getenforce() == 1) return -1; @@ -2998,9 +2992,7 @@ virSecuritySELinuxSetChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED, VIR_DEBUG("label=%s", secdef->label); if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "'%s' model configured for domain, but " - "hypervisor driver is '%s'."), + _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."), secdef->model, SECURITY_SELINUX_NAME); if (security_getenforce() == 1) return -1; @@ -3027,16 +3019,14 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "'%s' model configured for domain, but " - "hypervisor driver is '%s'."), + _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."), secdef->model, SECURITY_SELINUX_NAME); goto done; } if (getcon_raw(&scon) == -1) { virReportSystemError(errno, - _("unable to get current process context '%s'"), + _("unable to get current process context '%1$s'"), secdef->label); goto done; } @@ -3047,7 +3037,7 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED, VIR_DEBUG("Setting VM %s socket context %s", def->name, str); if (setsockcreatecon_raw(str) == -1) { virReportSystemError(errno, - _("unable to set socket security context '%s'"), str); + _("unable to set socket security context '%1$s'"), str); goto done; } @@ -3074,9 +3064,7 @@ virSecuritySELinuxSetSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "'%s' model configured for domain, but " - "hypervisor driver is '%s'."), + _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."), secdef->model, SECURITY_SELINUX_NAME); goto done; } @@ -3085,7 +3073,7 @@ virSecuritySELinuxSetSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED, vm->name, secdef->label); if (setsockcreatecon_raw(secdef->label) == -1) { virReportSystemError(errno, - _("unable to set socket security context '%s'"), + _("unable to set socket security context '%1$s'"), secdef->label); goto done; } @@ -3112,9 +3100,7 @@ virSecuritySELinuxClearSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: " - "'%s' model configured for domain, but " - "hypervisor driver is '%s'."), + _("security label driver mismatch: '%1$s' model configured for domain, but hypervisor driver is '%2$s'."), secdef->model, SECURITY_SELINUX_NAME); if (security_getenforce() == 1) return -1; @@ -3122,7 +3108,7 @@ virSecuritySELinuxClearSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED, if (setsockcreatecon_raw(NULL) == -1) { virReportSystemError(errno, - _("unable to clear socket security context '%s'"), + _("unable to clear socket security context '%1$s'"), secdef->label); if (security_getenforce() == 1) return -1; @@ -3334,13 +3320,13 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManager *mgr, return 0; if (fstat(fd, &buf) < 0) { - virReportSystemError(errno, _("cannot stat tap fd %d"), fd); + virReportSystemError(errno, _("cannot stat tap fd %1$d"), fd); goto cleanup; } if ((buf.st_mode & S_IFMT) != S_IFCHR) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("tap fd %d is not character device"), fd); + _("tap fd %1$d is not character device"), fd); goto cleanup; } @@ -3349,7 +3335,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManager *mgr, if (virFileResolveLink(proc, &fd_path) < 0) { virReportSystemError(errno, - _("Unable to resolve link: %s"), proc); + _("Unable to resolve link: %1$s"), proc); goto cleanup; } @@ -3362,7 +3348,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManager *mgr, if (getContext(mgr, fd_path, buf.st_mode, &fcon) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot lookup default selinux label for tap fd %d"), fd); + _("cannot lookup default selinux label for tap fd %1$d"), fd); goto cleanup; } @@ -3398,7 +3384,7 @@ virSecuritySELinuxGenImageLabel(virSecurityManager *mgr, if (secdef->label) { ctx = context_new(secdef->label); if (!ctx) { - virReportSystemError(errno, _("unable to create selinux context for: %s"), + virReportSystemError(errno, _("unable to create selinux context for: %1$s"), secdef->label); goto cleanup; } @@ -3528,7 +3514,7 @@ virSecuritySELinuxSetFileLabels(virSecurityManager *mgr, break; } if (ret < 0) - virReportSystemError(errno, _("Unable to label files under %s"), + virReportSystemError(errno, _("Unable to label files under %1$s"), path); return ret; @@ -3571,7 +3557,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManager *mgr, break; } if (ret < 0) - virReportSystemError(errno, _("Unable to restore file labels under %s"), + virReportSystemError(errno, _("Unable to restore file labels under %1$s"), path); return ret; diff --git a/src/security/security_util.c b/src/security/security_util.c index 83eb2edcae..a4e6687561 100644 --- a/src/security/security_util.c +++ b/src/security/security_util.c @@ -183,7 +183,7 @@ virSecurityValidateTimestamp(const char *name, return -2; } else if (errno != ENODATA) { virReportSystemError(errno, - _("Unable to get XATTR %s on %s"), + _("Unable to get XATTR %1$s on %2$s"), timestamp_name, path); return -1; @@ -290,7 +290,7 @@ virSecurityGetRememberedLabel(const char *name, return -2; virReportSystemError(errno, - _("Unable to get XATTR %s on %s"), + _("Unable to get XATTR %1$s on %2$s"), ref_name, path); return -1; @@ -312,7 +312,7 @@ virSecurityGetRememberedLabel(const char *name, if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("malformed refcount %s on %s"), + _("malformed refcount %1$s on %2$s"), value, path); return -1; } @@ -388,7 +388,7 @@ virSecuritySetRememberedLabel(const char *name, return -2; } else if (errno != ENODATA) { virReportSystemError(errno, - _("Unable to get XATTR %s on %s"), + _("Unable to get XATTR %1$s on %2$s"), ref_name, path); return -1; @@ -412,7 +412,7 @@ virSecuritySetRememberedLabel(const char *name, if (value && virStrToLong_ui(value, NULL, 10, &refcount) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("malformed refcount %s on %s"), + _("malformed refcount %1$s on %2$s"), value, path); return -1; } @@ -479,7 +479,7 @@ virSecurityMoveRememberedLabel(const char *name, return -2; } else if (errno != ENODATA) { virReportSystemError(errno, - _("Unable to get XATTR %s on %s"), + _("Unable to get XATTR %1$s on %2$s"), ref_name, src); return -1; } @@ -490,7 +490,7 @@ virSecurityMoveRememberedLabel(const char *name, return -2; } else if (errno != ENODATA) { virReportSystemError(errno, - _("Unable to get XATTR %s on %s"), + _("Unable to get XATTR %1$s on %2$s"), attr_name, src); return -1; } @@ -501,7 +501,7 @@ virSecurityMoveRememberedLabel(const char *name, return -2; } else if (errno != ENODATA) { virReportSystemError(errno, - _("Unable to get XATTR %s on %s"), + _("Unable to get XATTR %1$s on %2$s"), attr_name, src); return -1; } diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index d65d459850..3ee59b32bb 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -96,7 +96,7 @@ vahDeinit(vahControl * ctl) static void vah_usage(void) { - printf(_("\n%s mode [options] [extra file] [< def.xml]\n\n" + printf(_("\n%1$s mode [options] [extra file] [< def.xml]\n\n" " Modes:\n" " -a | --add load profile\n" " -c | --create create profile from template\n" @@ -120,7 +120,7 @@ vah_usage(void) static void vah_error(vahControl * ctl, int doexit, const char *str) { - fprintf(stderr, _("%s: error: %s%c"), progname, str, '\n'); + fprintf(stderr, _("%1$s: error: %2$s%3$c"), progname, str, '\n'); if (doexit) { if (ctl != NULL) @@ -132,13 +132,13 @@ vah_error(vahControl * ctl, int doexit, const char *str) static void vah_warning(const char *str) { - fprintf(stderr, _("%s: warning: %s%c"), progname, str, '\n'); + fprintf(stderr, _("%1$s: warning: %2$s%3$c"), progname, str, '\n'); } static void vah_info(const char *str) { - fprintf(stderr, _("%s:\n%s%c"), progname, str, '\n'); + fprintf(stderr, _("%1$s:\n%2$s%3$c"), progname, str, '\n'); } /* @@ -1442,7 +1442,7 @@ main(int argc, char **argv) if (virGettextInitialize() < 0 || virErrorInitialize() < 0) { - fprintf(stderr, _("%s: initialization failed\n"), argv[0]); + fprintf(stderr, _("%1$s: initialization failed\n"), argv[0]); exit(EXIT_FAILURE); } -- 2.39.2