sefcontext_compile was failing silently on various error paths. Generate a suitable error message to stderr for each error. Before: $ sefcontext_compile /path/to/unwritabledirectory/file_contexts <no output, although non-zero exit status> After: $ sefcontext_compile /path/to/unwritabledirectory/file_contexts sefcontext_compile: mkstemp /path/to/unwritabledirectory/file_contexts.binNmQJqa failed: Permission denied Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> --- libselinux/utils/sefcontext_compile.c | 48 +++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c index 70853e7..ebd1264 100644 --- a/libselinux/utils/sefcontext_compile.c +++ b/libselinux/utils/sefcontext_compile.c @@ -309,7 +309,7 @@ int main(int argc, char *argv[]) path = argv[optind]; if (stat(path, &buf) < 0) { - fprintf(stderr, "Can not stat: %s: %m\n", path); + fprintf(stderr, "%s: could not stat: %s: %s\n", argv[0], path, strerror(errno)); exit(EXIT_FAILURE); } @@ -318,14 +318,14 @@ int main(int argc, char *argv[]) policy_fp = fopen(policy_file, "r"); if (!policy_fp) { - fprintf(stderr, "Failed to open policy: %s\n", - policy_file); + fprintf(stderr, "%s: failed to open %s: %s\n", + argv[0], policy_file, strerror(errno)); exit(EXIT_FAILURE); } if (sepol_set_policydb_from_file(policy_fp) < 0) { - fprintf(stderr, "Failed to load policy: %s\n", - policy_file); + fprintf(stderr, "%s: failed to load policy from %s\n", + argv[0], policy_file); fclose(policy_fp); exit(EXIT_FAILURE); } @@ -334,7 +334,7 @@ int main(int argc, char *argv[]) /* Generate dummy handle for process_line() function */ rec = (struct selabel_handle *)calloc(1, sizeof(*rec)); if (!rec) { - fprintf(stderr, "Failed to calloc handle\n"); + fprintf(stderr, "%s: calloc failed: %s\n", argv[0], strerror(errno)); if (policy_fp) fclose(policy_fp); exit(EXIT_FAILURE); @@ -353,7 +353,7 @@ int main(int argc, char *argv[]) data = (struct saved_data *)calloc(1, sizeof(*data)); if (!data) { - fprintf(stderr, "Failed to calloc saved_data\n"); + fprintf(stderr, "%s: calloc failed: %s\n", argv[0], strerror(errno)); free(rec); if (policy_fp) fclose(policy_fp); @@ -363,46 +363,62 @@ int main(int argc, char *argv[]) rec->data = data; rc = process_file(rec, path); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: process_file failed\n", argv[0]); goto err; + } rc = sort_specs(data); - if (rc) + if (rc) { + fprintf(stderr, "%s: sort_specs failed\n", argv[0]); goto err; + } if (out_file) rc = snprintf(stack_path, sizeof(stack_path), "%s", out_file); else rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path); - if (rc < 0 || rc >= (int)sizeof(stack_path)) + if (rc < 0 || rc >= (int)sizeof(stack_path)) { + fprintf(stderr, "%s: snprintf failed\n", argv[0]); goto err; + } tmp = malloc(strlen(stack_path) + 7); - if (!tmp) + if (!tmp) { + fprintf(stderr, "%s: malloc failed: %s\n", argv[0], strerror(errno)); goto err; + } rc = sprintf(tmp, "%sXXXXXX", stack_path); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: sprintf failed\n", argv[0]); goto err; + } fd = mkstemp(tmp); - if (fd < 0) + if (fd < 0) { + fprintf(stderr, "%s: mkstemp %s failed: %s\n", argv[0], tmp, strerror(errno)); goto err; + } rc = fchmod(fd, buf.st_mode); if (rc < 0) { - perror("fchmod failed to set permission on compiled regexs"); + fprintf(stderr, "%s: fchmod %s failed: %s\n", argv[0], tmp, strerror(errno)); goto err_unlink; } rc = write_binary_file(data, fd, do_write_precompregex); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: write_binary_file %s failed\n", argv[0], tmp); goto err_unlink; + } rc = rename(tmp, stack_path); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: rename %s -> %s failed: %s\n", argv[0], tmp, stack_path, strerror(errno)); goto err_unlink; + } rc = 0; out: -- 2.7.4 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.