On 04/29/22 10:13, Petr Lautrbach wrote: > Laszlo Ersek <lersek@xxxxxxxxxx> writes: > >> Currently, if the SELINUX_RESTORECON_ABORT_ON_ERROR flag is clear, then >> selinux_restorecon[_parallel]() does not abort the file tree walk upon an >> error, but the function itself fails the same, with the same (-1) return >> value. This in turn is reported by the setfiles(8) utility to its parent >> process with the same exit code (255). >> >> In libguestfs we want to proceed after setfiles(8) fails *at most* with >> such errors that occur during the file tree walk. We need setfiles(8) to >> exit with a distinct exit status in that situation. >> >> For this, introduce the SELINUX_RESTORECON_COUNT_ERRORS flag, and the >> corresponding selinux_restorecon_get_skipped_errors() function, for >> selinux_restorecon[_parallel]() to count, but otherwise ignore, errors >> during the file tree walk. When no other kind of error occurs, the >> relabeling functions will return zero, and the caller can fetch the number >> of errors ignored during the file tree walk with >> selinux_restorecon_get_skipped_errors(). >> >> Importantly, when at least one such error is skipped, we don't write >> partial match digests for subdirectories, as any masked error means that >> any subdirectory may not have been completely relabeled. >> >> Cc: "Richard W.M. Jones" <rjones@xxxxxxxxxx> >> Cc: Petr Lautrbach <plautrba@xxxxxxxxxx> >> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 >> Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx> >> --- > [...] >> --- a/libselinux/src/libselinux.map >> +++ b/libselinux/src/libselinux.map 
>> @@ -245,3 +245,8 @@ LIBSELINUX_3.4 { >> global: >> selinux_restorecon_parallel; >> } LIBSELINUX_1.0; >> + >> +LIBSELINUX_3.5 { > > It's still possible to put this into LIBSELINUX_3.4. Next week we will > release 3.4-rc3 and GA of 3.4 is planned two weeks later. I assumed the project wouldn't assume new features after rc2 :) I'll post v2, with this updated; but first I'll wait for the reviews to complete. Thanks! Laszlo > > >> + global: >> + selinux_restorecon_get_skipped_errors; >> +} LIBSELINUX_3.4; >> -- >> 2.19.1.3.g30247aa5d201 >
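Review bot: the new `LIBSELINUX_3.5 { ... } LIBSELINUX_3.4;` node appended at the end of libselinux.map is only needed if LIBSELINUX_3.4 has already been released. The thread says 3.4 is still at the rc stage, so add `selinux_restorecon_get_skipped_errors;` to the `global:` list of the existing LIBSELINUX_3.4 node, next to `selinux_restorecon_parallel;`, and drop the new node. Once a release exports the symbol under a given version node, that binding is part of the ABI and cannot be moved without breaking binaries linked against it, so this should be settled before 3.4 GA. Separately, the commit message says the exported getter reports errors counted by selinux_restorecon[_parallel](). Its documentation should state when that count is reset, and that it is meant to be read after a call made with SELINUX_RESTORECON_COUNT_ERRORS has returned zero.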