[PATCH] libsemanage: Mute error messages from selinux_restorecon

Mute error messages produced by selinux_restorecon when rebuilding the
policy store to avoid error messages in containers, image mode, etc.

Fixes:
 #podman build --security-opt=label=disable --cap-add=all --device /dev/fuse -t quay.io/jlebon/fedora-bootc:tier-x . --build-arg MANIFEST=fedora-tier-x.yaml --from quay.io/fedora/fedora:rawhide
...
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas/lang_ext:  Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas:  Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/cil:  Operation not supported
Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/hll:  Operation not supported
...

https://bugzilla.redhat.com/show_bug.cgi?id=2326348

Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
---
I feel like this is probably not the best solution, so feel free to
suggest a better way.
The logs are all the more annoying because there are so many at once and
they clog up the logs and terminals, so I am wondering about removing
the ERR after a failed fchown as well.

 libsemanage/src/semanage_store.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index e44efc16..2ca2e900 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -3000,15 +3000,29 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
 	return 0;
 }
 
+/* log_callback muting all logs */
+static int __attribute__ ((format(printf, 2, 3)))
+log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) const char *fmt, ...)
+{
+	return 0;
+}
+
 /* Make sure the file context and ownership of files in the policy
  * store does not change */
 void semanage_setfiles(semanage_handle_t * sh, const char *path){
 	struct stat sb;
 	int fd;
+	union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
+	union selinux_callback cb = { .func_log = log_callback_mute };
+
+	/* Mute all logs */
+	selinux_set_callback(SELINUX_CB_LOG, cb);
+
 	/* Fix the user and role portions of the context, ignore errors
 	 * since this is not a critical operation */
 	selinux_restorecon(path, SELINUX_RESTORECON_SET_SPECFILE_CTX | SELINUX_RESTORECON_IGNORE_NOENTRY);
-
+	/* restore log_logging */
+	selinux_set_callback(SELINUX_CB_LOG, cb_orig);
 	/* Make sure "path" is owned by root */
 	if ((geteuid() != 0 || getegid() != 0) &&
 	    ((fd = open(path, O_RDONLY | O_CLOEXEC)) != -1)){
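
Review bot: In semanage_setfiles(), swapping SELINUX_CB_LOG to log_callback_mute around selinux_restorecon() drops every message, not only the "Operation not supported" ones quoted in the commit message. Because the return value of selinux_restorecon() is still ignored, a genuine relabel failure on the policy store (a permission error, for instance) now leaves no trace at all. Consider checking the return value and errno, and reporting once through the handle when the failure is anything other than ENOTSUP/EOPNOTSUPP. Note also that selinux_set_callback() changes process-wide state, so any other thread using libselinux loses its log output for the duration of the call. Finally, the comment "restore log_logging" would read more clearly as "restore the original log callback", and the blank line that separated the restorecon step from the ownership check is worth keeping.
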
-- 
2.47.0
