-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 These two patches cleanup setsebool error reporting. This is what we currently get if user mispells boolean name. # setsebool -P spacewalk_nfs_mountpointttt on Actual results: libsemanage.dbase_llist_set: record not found in the database (No such file or directory). libsemanage.dbase_llist_set: could not set record value (No such file or directory). Could not change boolean spacewalk_nfs_mountpointttt Could not change policy booleans Now we get # setsebool -P spacewalk_nfs_mountpointttt on Boolean spacewalk_nfs_mountpointttt is not defined This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJpOFgACgkQrlYvE4MpobP5uACgrFgNyhHvGYPFlJ/ZFQZKG4B5 TngAnAzC6zN3zsJPmVDcGqlXhHwdpHZF =3lSr -----END PGP SIGNATURE-----
>From 4f03010995b7bb126c6ae66a3c005bef4555ecf5 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Fri, 11 Oct 2013 10:24:36 -0400
Subject: [PATCH 66/74] Make setsebool be less verbose.
---
 policycoreutils/setsebool/setsebool.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c
index 86578f7..d21eb30 100644
--- a/policycoreutils/setsebool/setsebool.c
+++ b/policycoreutils/setsebool/setsebool.c
@@ -17,13 +17,14 @@
 int permanent = 0;
 int reload = 1;
+int verbose = 0;
 int setbool(char **list, size_t start, size_t end);
 void usage(void)
 {
 fputs
- ("\nUsage: setsebool [ -NP ] boolean value | bool1=val1 bool2=val2...\n\n",
+ ("\nUsage: setsebool [ -NPV ] boolean value | bool1=val1 bool2=val2...\n\n",
 stderr);
 exit(1);
 }
@@ -41,7 +42,7 @@ int main(int argc, char **argv)
 }
 while (1) {
- clflag = getopt(argc, argv, "PN");
+ clflag = getopt(argc, argv, "PNV");
 if (clflag == -1)
 break;
@@ -52,6 +53,9 @@ int main(int argc, char **argv)
 case 'N':
 reload = 0;
 break;
+case 'V':
+ verbose = 1;
+ break;
 default:
 usage();
 break;
@@ -130,6 +134,10 @@ static int semanage_set_boolean_list(size_t boolcnt,
 goto err;
 }
+ if (! verbose) {
+ semanage_msg_set_callback(handle,NULL, NULL);
+ }
+
 managed = semanage_is_managed(handle);
 if (managed < 0) {
 fprintf(stderr,
--
1.8.3.1
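Review bot: Nothing on the new side of the first hunk says what `-V` does: the synopsis only grows to `[ -NPV ]`, and the diffstat lists setsebool.c alone, so the man page is apparently not updated in this patch. Because the default now hides libsemanage output, the way to get it back should be discoverable; a usage line such as `-V  show libsemanage messages` (constructed wording) plus a matching man-page entry would cover it. The new `int verbose = 0;` copies the existing non-static globals; `static int verbose;` would keep it file-local, assuming no other translation unit refers to it.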
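Review bot: Clearing the callback with `semanage_msg_set_callback(handle,NULL, NULL);` in the last hunk silences every libsemanage message for this handle, not only the two `record not found` lines quoted in the report, so any other failure in this function also loses its library diagnostic unless `-V` is given. For a tool that changes SELinux policy this makes a failed change harder to diagnose, and once the next patch in the series drops the final `Could not change policy booleans` line, a `goto err` without its own `fprintf` would presumably exit with only a status code. Consider giving each error path an explicit message before suppressing the library output, e.g. `fprintf(stderr, "Could not modify boolean %s\n", boollist[j].name);` (constructed wording). The call is also introduced here while `#include <semanage/debug.h>` only arrives in patch 67, so this patch on its own may compile against an implicit declaration; moving the include into this patch would keep the series bisectable. The body of semanage_set_boolean_list starts and ends outside the hunk.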
>From 224c2dfc712de3dbbbf380c2ee2deeca3d3930b2 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Fri, 11 Oct 2013 10:24:48 -0400
Subject: [PATCH 67/74] setsebool does not do a good job of reporting missing booleans.
This patch will clearly tell the user that he tried to set a boolean that does not exist.
---
 policycoreutils/setsebool/setsebool.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c
index d21eb30..29146a8 100644
--- a/policycoreutils/setsebool/setsebool.c
+++ b/policycoreutils/setsebool/setsebool.c
@@ -10,6 +10,8 @@
 #include <pwd.h>
 #include <selinux/selinux.h>
 #include <semanage/handle.h>
+#include <semanage/debug.h>
+#include <semanage/booleans_policy.h>
 #include <semanage/booleans_local.h>
 #include <semanage/booleans_active.h>
 #include <semanage/boolean_record.h>
@@ -127,6 +129,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
 semanage_bool_t *boolean = NULL;
 semanage_bool_key_t *bool_key = NULL;
 int managed;
+ int result;
 handle = semanage_handle_create();
 if (handle == NULL) {
@@ -174,13 +177,22 @@ static int semanage_set_boolean_list(size_t boolcnt,
 if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
 goto err;
+
+ semanage_bool_exists(handle, bool_key, &result);
+ if ( !result ) {
+ semanage_bool_exists_local(handle, bool_key, &result);
+ if ( !result ) {
+ fprintf(stderr, "Boolean %s is not defined\n", boollist[j].name);
+ goto err;
+ }
+ }
 if (semanage_bool_modify_local(handle, bool_key, boolean) < 0)
 goto err;
 if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
- fprintf(stderr, "Could not change boolean %s\n",
+ fprintf(stderr, "Failed to change boolean %s: %m\n",
 boollist[j].name);
 goto err;
 }
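Review bot: The return values of `semanage_bool_exists` and `semanage_bool_exists_local` are ignored, and `result` (declared without an initialiser in the previous hunk) is read straight afterwards, so if either lookup fails the code tests an indeterminate value and may skip the "not defined" check or report an existing boolean as missing. Initialise `result` and treat a negative return as its own error, as sketched below; the message text there is constructed. `%m` in the new `Failed to change boolean` message is a glibc extension that prints whatever `errno` currently holds, and the page does not show that libsemanage leaves a meaningful value there, so the suffix may mislead. The body of semanage_set_boolean_list starts and ends outside the hunk.

```c
	int result = 0;
	/* … unchanged: handle setup and per-boolean record construction … */
		if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
			goto err;

		if (semanage_bool_exists(handle, bool_key, &result) < 0) {
			fprintf(stderr, "Could not look up boolean %s\n",
				boollist[j].name);
			goto err;
		}
		if (!result) {
			if (semanage_bool_exists_local(handle, bool_key,
						       &result) < 0) {
				fprintf(stderr, "Could not look up boolean %s\n",
					boollist[j].name);
				goto err;
			}
			/* … unchanged: "Boolean %s is not defined" report when !result … */
		}
```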
@@ -202,7 +214,6 @@ static int semanage_set_boolean_list(size_t boolcnt,
 semanage_bool_key_free(bool_key);
 semanage_bool_free(boolean);
 semanage_handle_destroy(handle);
- fprintf(stderr, "Could not change policy booleans\n");
 return -1;
 }
--
1.8.3.1