As reported by Gary Tierney, genhomedircon suppresses logging from libsepol when validating contexts. This can result in an empty file_contexts.homedirs file without any warning to the user if policy has been incorrectly configured. Remove the code that was suppressing the logging so that errors are reported to the user. Reported-by: Gary Tierney <gary.tierney@xxxxxxx> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> --- libsemanage/src/genhomedircon.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 0dd2b29..6991fff 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -573,11 +573,8 @@ static int check_line(genhomedircon_settings_t * s, Ustr *line) result = sepol_context_from_string(s->h_semanage->sepolh, ctx_str, &ctx_record); if (result == STATUS_SUCCESS && ctx_record != NULL) { - sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL); result = sepol_context_check(s->h_semanage->sepolh, s->policydb, ctx_record); - sepol_msg_set_callback(s->h_semanage->sepolh, - semanage_msg_relay_handler, s->h_semanage); sepol_context_free(ctx_record); } return result; -- 2.7.4 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.