[PATCH] libsepol/cil: restore error on context rule conflicts

Commit bc26ddc59c8d ("libsepol/cil: Limit the amount of reporting for
context rule conflicts") reworked the processing of context rule
conflicts to limit the number of written conflicting statements to
increase readability of the printed error message.  It forgot to set the
return value, signaling a context conflict, in the case the logging
level is higher than warning (e.g. in semodule(8), which defaults to
error).

Reported-by: Milos Malik <mmalik@xxxxxxxxxx> [1]
Fixes: bc26ddc59c8d ("libsepol/cil: Limit the amount of reporting for context rule conflicts")

[1]: https://lore.kernel.org/selinux/87y1u1rkoo.fsf@xxxxxxxxxx/

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/cil/src/cil_post.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index 6e95225f..11e572e2 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -2290,6 +2290,7 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
 		} else {
 			removed++;
 			if (!db->multiple_decls || concompar(&sort->array[i], &sort->array[j]) != 0) {
+				rc = SEPOL_ERR;
 				conflicting++;
 				if (log_level >= CIL_WARN) {
 					struct cil_list_item li;
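Review bot: The added `rc = SEPOL_ERR;` at the top of the conflict branch has no comment saying that the return value must be set outside the `if (log_level >= CIL_WARN)` block, which is the invariant the commit message says the earlier rework dropped. A short comment above the assignment, for example `/* a conflict is an error regardless of log level */`, would keep a later reporting cleanup from moving it back under the logging check. A regression test that compiles a policy with two conflicting context rules at the error log level and expects failure would cover the case described in the commit message.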
@@ -2297,7 +2298,6 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
 					li.flavor = flavor;
 					if (conflicting == 1) {
 						cil_log(CIL_WARN, "Found conflicting %s rules\n", flavor_str);
-						rc = SEPOL_ERR;
 						li.data = sort->array[i];
 						rc2 = cil_tree_walk(db->ast->root, __cil_post_report_conflict,
 											NULL, NULL, &li);
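Review bot: In the `conflicting == 1` branch, the only visible message, `cil_log(CIL_WARN, "Found conflicting %s rules\n", flavor_str);`, is still emitted at CIL_WARN and only when `log_level >= CIL_WARN`, so a caller running at the error level now gets SEPOL_ERR back with no message from these lines explaining why. Unless the function logs the failure at CIL_ERR further down, outside the visible context, consider emitting a one-line CIL_ERR summary that does not depend on the log-level check, and keep the per-rule listing at CIL_WARN.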
-- 
2.37.2



