Re: [PATCH] libselinux/utils: print errno on failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 9 May 2022 at 16:38, James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Sat, May 7, 2022 at 11:59 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Print error description on failure after functions known to set errno.
> >
> > Also mention the library function name in getenforce, policyvers and
> > setenforce instead of the program name twice.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> > ---
> >  libselinux/utils/compute_av.c                              | 3 ++-
> >  libselinux/utils/compute_create.c                          | 5 +++--
> >  libselinux/utils/compute_member.c                          | 5 +++--
> >  libselinux/utils/compute_relabel.c                         | 5 +++--
> >  libselinux/utils/getconlist.c                              | 2 +-
> >  libselinux/utils/getdefaultcon.c                           | 2 +-
> >  libselinux/utils/getenforce.c                              | 4 +++-
> >  libselinux/utils/getfilecon.c                              | 6 ++++--
> >  libselinux/utils/getpidcon.c                               | 4 +++-
> >  libselinux/utils/policyvers.c                              | 4 +++-
> >  libselinux/utils/selabel_digest.c                          | 2 +-
> >  libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++-
> >  libselinux/utils/selabel_lookup.c                          | 3 ++-
> >  libselinux/utils/selabel_lookup_best_match.c               | 3 ++-
> >  libselinux/utils/selabel_partial_match.c                   | 3 ++-
> >  libselinux/utils/setenforce.c                              | 3 ++-
> >  libselinux/utils/setfilecon.c                              | 6 ++++--
> >  17 files changed, 41 insertions(+), 22 deletions(-)
> >
> > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> > index ef08338f..cca407d6 100644
> > --- a/libselinux/utils/compute_av.c
> > +++ b/libselinux/utils/compute_av.c
> > @@ -2,6 +2,7 @@
> >  #include <sys/types.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> >  #include <errno.h>
> >  #include <selinux/selinux.h>
> >
> > @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> >
> >         ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
> >         if (ret < 0) {
> > -               fprintf(stderr, "%s:  security_compute_av failed\n", argv[0]);
> > +               fprintf(stderr, "%s:  security_compute_av failed:  %s\n", argv[0], strerror(errno));
> >                 exit(3);
> >         }
> >
>
> Back in August you converted a bunch of strerror() uses in libselinux
> to instead use "%m" for thread safety. Since all of these are for
> utility programs and not the main library, thread safety is not a
> concern, but is there any reason not to just use "%m"?

None to my knowledge, other than matching the surrounding code.

>
> Jim
>
> > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> > index 63029c19..c6481f4b 100644
> > --- a/libselinux/utils/compute_create.c
> > +++ b/libselinux/utils/compute_create.c
> > @@ -2,6 +2,7 @@
> >  #include <sys/types.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> >  #include <errno.h>
> >  #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> >         ret = security_compute_create(argv[1], argv[2], tclass, &buf);
> >         if (ret < 0) {
> > -               fprintf(stderr, "%s:  security_compute_create failed\n",
> > -                       argv[0]);
> > +               fprintf(stderr, "%s:  security_compute_create failed:  %s\n",
> > +                       argv[0], strerror(errno));
> >                 exit(3);
> >         }
> >
> > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> > index 1ef47c25..9fe790ee 100644
> > --- a/libselinux/utils/compute_member.c
> > +++ b/libselinux/utils/compute_member.c
> > @@ -2,6 +2,7 @@
> >  #include <sys/types.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> >  #include <errno.h>
> >  #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> >         ret = security_compute_member(argv[1], argv[2], tclass, &buf);
> >         if (ret < 0) {
> > -               fprintf(stderr, "%s:  security_compute_member failed\n",
> > -                       argv[0]);
> > +               fprintf(stderr, "%s:  security_compute_member failed:  %s\n",
> > +                       argv[0], strerror(errno));
> >                 exit(3);
> >         }
> >
> > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> > index f6a957da..bdd39d0f 100644
> > --- a/libselinux/utils/compute_relabel.c
> > +++ b/libselinux/utils/compute_relabel.c
> > @@ -2,6 +2,7 @@
> >  #include <sys/types.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> >  #include <errno.h>
> >  #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> >         ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
> >         if (ret < 0) {
> > -               fprintf(stderr, "%s:  security_compute_relabel failed\n",
> > -                       argv[0]);
> > +               fprintf(stderr, "%s:  security_compute_relabel failed:  %s\n",
> > +                       argv[0], strerror(errno));
> >                 exit(3);
> >         }
> >
> > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> > index 0bb28469..92f6a793 100644
> > --- a/libselinux/utils/getconlist.c
> > +++ b/libselinux/utils/getconlist.c
> > @@ -55,7 +55,7 @@ int main(int argc, char **argv)
> >         /* If a context wasn't passed, use the current context. */
> >         if (((argc - optind) < 2)) {
> >                 if (getcon(&cur_context) < 0) {
> > -                       fprintf(stderr, "Couldn't get current context.\n");
> > +                       fprintf(stderr, "Couldn't get current context:  %s\n", strerror(errno));
> >                         free(level);
> >                         return 2;
> >                 }
> > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> > index 590e98d9..93102e5e 100644
> > --- a/libselinux/utils/getdefaultcon.c
> > +++ b/libselinux/utils/getdefaultcon.c
> > @@ -62,7 +62,7 @@ int main(int argc, char **argv)
> >         /* If a context wasn't passed, use the current context. */
> >         if (((argc - optind) < 2)) {
> >                 if (getcon(&cur_context) < 0) {
> > -                       fprintf(stderr, "Couldn't get current context.\n");
> > +                       fprintf(stderr, "Couldn't get current context:  %s\n", strerror(errno));
> >                         return 2;
> >                 }
> >         } else
> > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
> > index e5d19c54..aeeb79a8 100644
> > --- a/libselinux/utils/getenforce.c
> > +++ b/libselinux/utils/getenforce.c
> > @@ -1,6 +1,8 @@
> >  #include <unistd.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> >  #include <selinux/selinux.h>
> >
> >  int main(int argc __attribute__ ((unused)),
> > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)),
> >         if (rc == 1) {
> >                 rc = security_getenforce();
> >                 if (rc < 0) {
> > -                       fputs("getenforce:  getenforce() failed", stderr);
> > +                       fprintf(stderr, "getenforce:  security_getenforce() failed:  %s\n", strerror(errno));
> >                         return 2;
> >                 }
> >
> > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
> > index 6266ae16..b823a1a1 100644
> > --- a/libselinux/utils/getfilecon.c
> > +++ b/libselinux/utils/getfilecon.c
> > @@ -1,6 +1,8 @@
> >  #include <unistd.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> >  #include <selinux/selinux.h>
> >
> >  int main(int argc, char **argv)
> > @@ -16,8 +18,8 @@ int main(int argc, char **argv)
> >         for (i = 1; i < argc; i++) {
> >                 rc = getfilecon(argv[i], &buf);
> >                 if (rc < 0) {
> > -                       fprintf(stderr, "%s:  getfilecon(%s) failed\n", argv[0],
> > -                               argv[i]);
> > +                       fprintf(stderr, "%s:  getfilecon(%s) failed:  %s\n", argv[0],
> > +                               argv[i], strerror(errno));
> >                         exit(2);
> >                 }
> >                 printf("%s\t%s\n", argv[i], buf);
> > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
> > index ea6c274e..1a88fa6d 100644
> > --- a/libselinux/utils/getpidcon.c
> > +++ b/libselinux/utils/getpidcon.c
> > @@ -1,6 +1,8 @@
> >  #include <unistd.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> >  #include <selinux/selinux.h>
> >
> >  int main(int argc, char **argv)
> > @@ -21,7 +23,7 @@ int main(int argc, char **argv)
> >
> >         rc = getpidcon(pid, &buf);
> >         if (rc < 0) {
> > -               fprintf(stderr, "%s:  getpidcon() failed\n", argv[0]);
> > +               fprintf(stderr, "%s:  getpidcon() failed:  %s\n", argv[0], strerror(errno));
> >                 exit(3);
> >         }
> >
> > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
> > index dd56f2c7..5230bcaf 100644
> > --- a/libselinux/utils/policyvers.c
> > +++ b/libselinux/utils/policyvers.c
> > @@ -1,6 +1,8 @@
> >  #include <unistd.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> >  #include <selinux/selinux.h>
> >
> >  int main(int argc __attribute__ ((unused)), char **argv)
> > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv)
> >
> >         rc = security_policyvers();
> >         if (rc < 0) {
> > -               fprintf(stderr, "%s:  policyvers() failed\n", argv[0]);
> > +               fprintf(stderr, "%s:  security_policyvers() failed:  %s\n", argv[0], strerror(errno));
> >                 exit(2);
> >         }
> >
> > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> > index 49408a0b..6a8313a2 100644
> > --- a/libselinux/utils/selabel_digest.c
> > +++ b/libselinux/utils/selabel_digest.c
> > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest)
> >
> >         fp = popen(cmd, "r");
> >         if (!fp) {
> > -               printf("Failed to run command line\n");
> > +               fprintf(stderr, "Failed to run command '%s':  %s\n", cmd, strerror(errno));
> >                 return -1;
> >         }
> >
> > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > index e28833d2..c4e0f836 100644
> > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > @@ -77,7 +77,8 @@ int main(int argc, char **argv)
> >         hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> >         if (!hnd) {
> >                 fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > -                                                            "handle.\n");
> > +                                                            "handle:  %s\n",
> > +                                                            strerror(errno));
> >                 return -1;
> >         }
> >
> > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
> > index 1aef64de..112ffda1 100644
> > --- a/libselinux/utils/selabel_lookup.c
> > +++ b/libselinux/utils/selabel_lookup.c
> > @@ -91,7 +91,8 @@ int main(int argc, char **argv)
> >         hnd = selabel_open(backend, selabel_option, 2);
> >         if (!hnd) {
> >                 fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > -                                                            "handle.\n");
> > +                                                            "handle:  %s\n",
> > +                                                            strerror(errno));
> >                 return -1;
> >         }
> >
> > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
> > index 2cddc6cd..a4af0679 100644
> > --- a/libselinux/utils/selabel_lookup_best_match.c
> > +++ b/libselinux/utils/selabel_lookup_best_match.c
> > @@ -117,7 +117,8 @@ int main(int argc, char **argv)
> >         hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
> >         if (!hnd) {
> >                 fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > -                                                            "handle.\n");
> > +                                                            "handle:  %s\n",
> > +                                                            strerror(errno));
> >                 rc = -1;
> >                 goto out;
> >         }
> > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
> > index c5932cb1..7bbd5777 100644
> > --- a/libselinux/utils/selabel_partial_match.c
> > +++ b/libselinux/utils/selabel_partial_match.c
> > @@ -61,7 +61,8 @@ int main(int argc, char **argv)
> >         hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> >         if (!hnd) {
> >                 fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > -                                                            "handle.\n");
> > +                                                            "handle:  %s\n",
> > +                                                            strerror(errno));
> >                 return -1;
> >         }
> >
> > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
> > index 60a20a4b..67c13dca 100644
> > --- a/libselinux/utils/setenforce.c
> > +++ b/libselinux/utils/setenforce.c
> > @@ -4,6 +4,7 @@
> >  #include <ctype.h>
> >  #include <string.h>
> >  #include <strings.h>
> > +#include <errno.h>
> >  #include <selinux/selinux.h>
> >
> >  static __attribute__ ((__noreturn__)) void usage(const char *progname)
> > @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> >                         usage(argv[0]);
> >         }
> >         if (rc < 0) {
> > -               fprintf(stderr, "%s:  setenforce() failed\n", argv[0]);
> > +               fprintf(stderr, "%s:  security_setenforce() failed:  %s\n", argv[0], strerror(errno));
> >                 return 2;
> >         }
> >         return 0;
> > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
> > index 79af55de..a3fbc3ed 100644
> > --- a/libselinux/utils/setfilecon.c
> > +++ b/libselinux/utils/setfilecon.c
> > @@ -1,6 +1,8 @@
> >  #include <unistd.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> >  #include <selinux/selinux.h>
> >
> >  int main(int argc, char **argv)
> > @@ -15,8 +17,8 @@ int main(int argc, char **argv)
> >         for (i = 2; i < argc; i++) {
> >                 rc = setfilecon(argv[i], argv[1]);
> >                 if (rc < 0) {
> > -                       fprintf(stderr, "%s:  setfilecon(%s,%s) failed\n",
> > -                               argv[0], argv[i], argv[1]);
> > +                       fprintf(stderr, "%s:  setfilecon(%s,%s) failed:  %s\n",
> > +                               argv[0], argv[i], argv[1], strerror(errno));
> >                         exit(2);
> >                 }
> >         }
> > --
> > 2.36.0
> >




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux