From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SE Linux <selinux@tycho.nsa.gov>,
	Eamon Walsh <ewalsh@tycho.nsa.gov>,
	Karl MacMillan <kmacmillan@mentalrootkit.com>,
	Joshua Brindle <method@manicmethod.com>
Subject: Re: Change default error handling in libselinux matchpathcon to use syslog instead of stderr.
Date: Tue, 18 Sep 2007 15:47:35 -0400
Message-ID: <46F02B57.5020805@redhat.com>
In-Reply-To: <1190133805.14037.18.camel@moss-spartans.epoch.ncsc.mil>

[-- Attachment #1: Type: text/plain, Size: 2375 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Tue, 2007-09-18 at 11:35 -0400, Daniel J Walsh wrote:
> Current behavior causes problems with network applications.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=273081
> 
>> I'm not sure about changing current behavior, as that is effectively an
>> "interface" change.  Or if it isn't, then there are other such changes I
>> would make too (e.g. changing the default for SETLOCALDEFS in libselinux
>> comes to mind).
> 
>> What if they used the newer interfaces introduced by Eamon (selabel*)?
>> setfiles has already been rewritten by him to use those interfaces, and
>> thus matchpathcon is a legacy interface at this point.  Does the same
>> problem exist there?
> 
>> I suppose that doesn't help you though with RHEL 5, as it would only
>> have the older interfaces.
> 
>> Changing the interface from one arbitrary default (stderr) to another
>> arbitrary default (syslog) doesn't seem like an improvement, although it
>> would fix this particular issue I suppose.  We would need to at least
>> make sure that setfiles -c continues to report the error messages as
>> expected.
> 
>> One comment below on the code itself.  
> 
plain text document attachment (diff)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c
libselinux-2.0.33/src/matchpathcon.c
- --- nsalibselinux/src/matchpathcon.c	2007-08-10 11:58:34.000000000 -0400
+++ libselinux-2.0.33/src/matchpathcon.c	2007-09-18 11:28:07.000000000 -0400
@@ -2,6 +2,7 @@
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
+#include <syslog.h>
 #include "selinux_internal.h"
 #include "label_internal.h"
 #include "callbacks.h"
@@ -55,10 +56,12 @@
 #endif
     default_printf(const char *fmt, ...)
 {
+	char buf[BUFSIZ];
 	va_list ap;
 	va_start(ap, fmt);
- -	vfprintf(stderr, fmt, ap);
+	vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
 	va_end(ap);
+	syslog(LOG_ERR, buf, strlen(buf));
 }
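
Review bot: in default_printf, `syslog(LOG_ERR, buf, strlen(buf));` passes the already-formatted message as the format string, so any `%` that reaches buf through an expanded argument is interpreted a second time as a conversion with no matching argument, which is a format-string bug. The trailing `strlen(buf)` is not consumed by any conversion and serves no purpose. Use `syslog(LOG_ERR, "%s", buf);` if the buffer stays, or drop the buffer and hand fmt and ap to vsyslog() directly. Separately, vsnprintf() already NUL-terminates within the size it is given, so `sizeof(buf) - 1` only gives up a byte, and a message longer than BUFSIZ is truncated without any indication.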

> Could you use vsyslog() instead to avoid the need for a fixed size
> buffer?


 void

Sure, I did not know that interface existed.

man syslog and
man 3 syslog are different.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG8CtXrlYvE4MpobMRArAnAJsGDG1/UQtq8O/3sOWsWg6mbs+OaACg11BH
44PynbOo4cSB9hcAq66yjiw=
=dPQV
-----END PGP SIGNATURE-----

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 572 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.33/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c	2007-08-10 11:58:34.000000000 -0400
+++ libselinux-2.0.33/src/matchpathcon.c	2007-09-18 15:45:42.000000000 -0400
@@ -2,6 +2,7 @@
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
+#include <syslog.h>
 #include "selinux_internal.h"
 #include "label_internal.h"
 #include "callbacks.h"
@@ -57,7 +58,7 @@
 {
 	va_list ap;
 	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
+	vsyslog(LOG_ERR, fmt, ap);
 	va_end(ap);
 }
 
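
Review bot: replacing `vfprintf(stderr, fmt, ap);` outright in default_printf leaves no stderr output at all, so a program that relied on the default for interactive error reporting prints nothing unless it overrides the handler; the thread's concern about setfiles -c applies here and should be checked before this goes in. A comment above default_printf should state that the default destination is now syslog at LOG_ERR. No openlog() call is added, so messages are logged under whatever ident and facility the calling program has set, or the defaults if it has set none. Note also that vsyslog() is a BSD extension rather than POSIX, so the build may need a feature-test macro to get its prototype from <syslog.h>.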
