On Fri, Mar 15, 2024 at 1:31 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > If no policy has been loaded yet and thus the current context is still > "kernel" avoid logging failures in get_ordered_context_list(), like: > > get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/users/root > get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/default_contexts > > Since get_context_user() needs a valid context, because it tries to split > it into its parts, jump right to the failsafe. Needs a sign-off. Thanks, Jim > --- > libselinux/src/get_context_list.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c > index 7e23be05..ec3775a8 100644 > --- a/libselinux/src/get_context_list.c > +++ b/libselinux/src/get_context_list.c > @@ -427,6 +427,12 @@ int get_ordered_context_list(const char *user, > fromcon = backup_fromcon; > } > > + if (strcmp(fromcon, "kernel") == 0) > + /* get_context_user() needs a valid context, avoid > + * unnecessary log messages if no policy has been loaded > + * yet. */ > + goto failsafe; > + > /* Determine the ordering to apply from the optional per-user config > and from the global config. */ > fname_len = strlen(user_contexts_path) + strlen(user) + 2; > -- > 2.43.0 > >
