From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001
Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 14 Feb 2019 13:12:49 +0200
Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux
 plugin, doh.

When there's an actual error, people will want to know without having
to rerun in verbose mode. Such as in RhBug:1641631 where configured
selinux policy differs from what is installed - the former message

    error: Plugin selinux: hook tsm_pre failed

...is not particularly helpful to anybody, whereas this actually provides
some clues now:

    error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory
    error: Plugin selinux: hook tsm_pre failed
---
 plugins/selinux.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/plugins/selinux.c b/plugins/selinux.c
index accd47416..f1caf257c 100644
--- a/plugins/selinux.c
+++ b/plugins/selinux.c
@@ -12,6 +12,11 @@
 
 static struct selabel_handle * sehandle = NULL;
 
+static inline rpmlogLvl loglvl(int iserror)
+{
+    return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
+}
+
 static void sehandle_fini(int close_status)
 {
     if (sehandle) {
@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status)
 
     sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
 
-    rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
+    rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
 	   path, (sehandle == NULL ? strerror(errno) : ""));
 
     return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
     if ((xx = setexeccon(newcon)) == 0)
 	rc = RPMRC_OK;
 
-    if (rpmIsDebug()) {
-	rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n",
+    rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
 	       path, newcon, (xx < 0 ? strerror(errno) : ""));
-    }
 
 exit:
     context_free(con);
@@ -143,10 +146,8 @@ exit:
     if ((xx = setexecfilecon(path, "rpm_script_t") == 0))
 	rc = RPMRC_OK;
 
-    if (rpmIsDebug()) {
-	rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n",
+    rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
 	       path, (xx < 0 ? strerror(errno) : ""));
-    }
 #endif
     /* If selinux is not enforcing, we don't care either */
     if (rc && security_getenforce() < 1)
@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
 	if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
 	    int conrc = lsetfilecon(path, scon);
 
-	    if (rpmIsDebug()) {
-		rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
+	    rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n",
 		       path, scon, (conrc < 0 ? strerror(errno) : ""));
-	    }
 
 	    if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
 		rc = RPMRC_OK;
-- 
2.20.1