* [PATCH] libselinux: load_policy: log using selinux_log instead of fprintf
@ 2025-07-30 15:07 Rahul Sandhu
From: Rahul Sandhu @ 2025-07-30 15:07 UTC (permalink / raw)
To: selinux; +Cc: Rahul Sandhu
This allows consumers to override our logging to stderr using the
callback based mechanism selinux_log provides.
Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
---
libselinux/src/load_policy.c | 37 ++++++++++++++++++------------------
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index f67e5538..8e737a23 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -16,6 +16,7 @@
#include <sepol/policydb.h>
#endif
#include <dlfcn.h>
+#include "callbacks.h"
#include "policy.h"
#include <limits.h>
@@ -136,25 +137,25 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
fd = open(path, O_RDONLY | O_CLOEXEC);
}
if (fd < 0) {
- fprintf(stderr,
- "SELinux: Could not open policy file <= %s.%d: %m\n",
- selinux_binary_policy_path(), maxvers);
+ selinux_log(SELINUX_ERROR,
+ "SELinux: Could not open policy file <= %s.%d: %m\n",
+ selinux_binary_policy_path(), maxvers);
goto dlclose;
}
if (fstat(fd, &sb) < 0) {
- fprintf(stderr,
- "SELinux: Could not stat policy file %s: %m\n",
- path);
+ selinux_log(SELINUX_ERROR,
+ "SELinux: Could not stat policy file %s: %m\n",
+ path);
goto close;
}
size = sb.st_size;
data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
if (map == MAP_FAILED) {
- fprintf(stderr,
- "SELinux: Could not map policy file %s: %m\n",
- path);
+ selinux_log(SELINUX_ERROR,
+ "SELinux: Could not map policy file %s: %m\n",
+ path);
goto close;
}
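Review bot: `%m` in these three messages is now expanded by whatever callback the consumer installed rather than by fprintf at the call site, so the errno text is only right if that callback formats with a libc that supports `%m` and does not disturb errno first. callbacks.h is not part of this hunk, so whether the selinux_log macro itself protects errno cannot be confirmed from here. Passing the text explicitly removes the dependency, e.g. `"SELinux: Could not stat policy file %s: %s\n", path, strerror(errno)`. The same applies to the `%m` messages in the load-policy, selinuxfs mount and setenforce hunks. selinux_mkload_policy starts and ends outside the hunk.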
@@ -175,9 +176,9 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
if (policydb_set_vers(policydb, kernvers) ||
policydb_to_image(NULL, policydb, &data, &size)) {
/* Downgrade failed, keep searching. */
- fprintf(stderr,
- "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
- path);
+ selinux_log(SELINUX_ERROR,
+ "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
+ path);
policy_file_free(pf);
policydb_free(policydb);
munmap(map, sb.st_size);
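Review bot: The downgrade failure is logged at `SELINUX_ERROR` although both the comment and the message say the function keeps searching for an older policy. A consumer that routes the callback into syslog or an alerting pipeline therefore gets an error-level event for a condition that may still recover. Consider `selinux_log(SELINUX_WARNING,` here and keeping `SELINUX_ERROR` for the paths that give up. The enclosing search loop is outside the hunk, so confirm that the final failure is still reported at error level.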
@@ -192,9 +193,9 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
rc = security_load_policy(data, size);
if (rc)
- fprintf(stderr,
- "SELinux: Could not load policy file %s: %m\n",
- path);
+ selinux_log(SELINUX_ERROR,
+ "SELinux: Could not load policy file %s: %m\n",
+ path);
unmap:
if (data != map)
@@ -205,7 +206,7 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
dlclose:
#ifdef SHARED
if (errormsg)
- fprintf(stderr, "libselinux: %s\n", errormsg);
+ selinux_log(SELINUX_ERROR, "libselinux: %s\n", errormsg);
if (libsepolh)
dlclose(libsepolh);
#endif
@@ -317,7 +318,7 @@ int selinux_init_load_policy(int *enforce)
*enforce = 0;
} else {
/* Only emit this error if selinux was not disabled */
- fprintf(stderr, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT);
+ selinux_log(SELINUX_ERROR, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT);
}
if (rc == 0)
@@ -365,7 +366,7 @@ int selinux_init_load_policy(int *enforce)
if (orig_enforce != *enforce) {
rc = security_setenforce(*enforce);
if (rc < 0) {
- fprintf(stderr, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive"));
+ selinux_log(SELINUX_ERROR, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive"));
if (*enforce)
goto noload;
}
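Review bot: The asymmetry after this log call deserves a comment: a failed switch to enforcing jumps to `noload`, while a failed switch to permissive is only logged and execution continues. Since a consumer's callback can now redirect or drop the message, the code itself should say why the two cases differ, e.g. `/* Never continue in the wrong mode when enforcing was requested; a failed switch to permissive is tolerated. */` above `if (*enforce)`. The call is also well over 80 columns and could be wrapped like the other selinux_log calls in this patch. selinux_init_load_policy continues outside the hunk.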
--
2.50.1
* Re: [PATCH] libselinux: load_policy: log using selinux_log instead of fprintf
@ 2025-07-30 16:54 ` Stephen Smalley
From: Stephen Smalley @ 2025-07-30 16:54 UTC (permalink / raw)
To: Rahul Sandhu; +Cc: selinux
On Wed, Jul 30, 2025 at 11:08 AM Rahul Sandhu <nvraxn@gmail.com> wrote:
>
> This allows consumers to override our logging to stderr using the
> callback based mechanism selinux_log provides.
>
> Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
> libselinux/src/load_policy.c | 37 ++++++++++++++++++------------------
> 1 file changed, 19 insertions(+), 18 deletions(-)
>
> diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
> index f67e5538..8e737a23 100644
> --- a/libselinux/src/load_policy.c
> +++ b/libselinux/src/load_policy.c
> @@ -16,6 +16,7 @@
> #include <sepol/policydb.h>
> #endif
> #include <dlfcn.h>
> +#include "callbacks.h"
> #include "policy.h"
> #include <limits.h>
>
> @@ -136,25 +137,25 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> fd = open(path, O_RDONLY | O_CLOEXEC);
> }
> if (fd < 0) {
> - fprintf(stderr,
> - "SELinux: Could not open policy file <= %s.%d: %m\n",
> - selinux_binary_policy_path(), maxvers);
> + selinux_log(SELINUX_ERROR,
> + "SELinux: Could not open policy file <= %s.%d: %m\n",
> + selinux_binary_policy_path(), maxvers);
> goto dlclose;
> }
>
> if (fstat(fd, &sb) < 0) {
> - fprintf(stderr,
> - "SELinux: Could not stat policy file %s: %m\n",
> - path);
> + selinux_log(SELINUX_ERROR,
> + "SELinux: Could not stat policy file %s: %m\n",
> + path);
> goto close;
> }
>
> size = sb.st_size;
> data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
> if (map == MAP_FAILED) {
> - fprintf(stderr,
> - "SELinux: Could not map policy file %s: %m\n",
> - path);
> + selinux_log(SELINUX_ERROR,
> + "SELinux: Could not map policy file %s: %m\n",
> + path);
> goto close;
> }
>
> @@ -175,9 +176,9 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> if (policydb_set_vers(policydb, kernvers) ||
> policydb_to_image(NULL, policydb, &data, &size)) {
> /* Downgrade failed, keep searching. */
> - fprintf(stderr,
> - "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
> - path);
> + selinux_log(SELINUX_ERROR,
> + "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
> + path);
> policy_file_free(pf);
> policydb_free(policydb);
> munmap(map, sb.st_size);
> @@ -192,9 +193,9 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> rc = security_load_policy(data, size);
>
> if (rc)
> - fprintf(stderr,
> - "SELinux: Could not load policy file %s: %m\n",
> - path);
> + selinux_log(SELINUX_ERROR,
> + "SELinux: Could not load policy file %s: %m\n",
> + path);
>
> unmap:
> if (data != map)
> @@ -205,7 +206,7 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> dlclose:
> #ifdef SHARED
> if (errormsg)
> - fprintf(stderr, "libselinux: %s\n", errormsg);
> + selinux_log(SELINUX_ERROR, "libselinux: %s\n", errormsg);
> if (libsepolh)
> dlclose(libsepolh);
> #endif
> @@ -317,7 +318,7 @@ int selinux_init_load_policy(int *enforce)
> *enforce = 0;
> } else {
> /* Only emit this error if selinux was not disabled */
> - fprintf(stderr, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT);
> + selinux_log(SELINUX_ERROR, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT);
> }
>
> if (rc == 0)
> @@ -365,7 +366,7 @@ int selinux_init_load_policy(int *enforce)
> if (orig_enforce != *enforce) {
> rc = security_setenforce(*enforce);
> if (rc < 0) {
> - fprintf(stderr, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive"));
> + selinux_log(SELINUX_ERROR, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive"));
> if (*enforce)
> goto noload;
> }
> --
> 2.50.1
>
>
* Re: [PATCH] libselinux: load_policy: log using selinux_log instead of fprintf
@ 2025-07-31 14:17 ` Stephen Smalley
From: Stephen Smalley @ 2025-07-31 14:17 UTC (permalink / raw)
To: Rahul Sandhu; +Cc: selinux
On Wed, Jul 30, 2025 at 12:54 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Wed, Jul 30, 2025 at 11:08 AM Rahul Sandhu <nvraxn@gmail.com> wrote:
> >
> > This allows consumers to override our logging to stderr using the
> > callback based mechanism selinux_log provides.
> >
> > Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
>
> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Thanks, applied.
>
> > ---
> > libselinux/src/load_policy.c | 37 ++++++++++++++++++------------------
> > 1 file changed, 19 insertions(+), 18 deletions(-)
> >
> > diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
> > index f67e5538..8e737a23 100644
> > --- a/libselinux/src/load_policy.c
> > +++ b/libselinux/src/load_policy.c
> > @@ -16,6 +16,7 @@
> > #include <sepol/policydb.h>
> > #endif
> > #include <dlfcn.h>
> > +#include "callbacks.h"
> > #include "policy.h"
> > #include <limits.h>
> >
> > @@ -136,25 +137,25 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> > fd = open(path, O_RDONLY | O_CLOEXEC);
> > }
> > if (fd < 0) {
> > - fprintf(stderr,
> > - "SELinux: Could not open policy file <= %s.%d: %m\n",
> > - selinux_binary_policy_path(), maxvers);
> > + selinux_log(SELINUX_ERROR,
> > + "SELinux: Could not open policy file <= %s.%d: %m\n",
> > + selinux_binary_policy_path(), maxvers);
> > goto dlclose;
> > }
> >
> > if (fstat(fd, &sb) < 0) {
> > - fprintf(stderr,
> > - "SELinux: Could not stat policy file %s: %m\n",
> > - path);
> > + selinux_log(SELINUX_ERROR,
> > + "SELinux: Could not stat policy file %s: %m\n",
> > + path);
> > goto close;
> > }
> >
> > size = sb.st_size;
> > data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
> > if (map == MAP_FAILED) {
> > - fprintf(stderr,
> > - "SELinux: Could not map policy file %s: %m\n",
> > - path);
> > + selinux_log(SELINUX_ERROR,
> > + "SELinux: Could not map policy file %s: %m\n",
> > + path);
> > goto close;
> > }
> >
> > @@ -175,9 +176,9 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> > if (policydb_set_vers(policydb, kernvers) ||
> > policydb_to_image(NULL, policydb, &data, &size)) {
> > /* Downgrade failed, keep searching. */
> > - fprintf(stderr,
> > - "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
> > - path);
> > + selinux_log(SELINUX_ERROR,
> > + "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
> > + path);
> > policy_file_free(pf);
> > policydb_free(policydb);
> > munmap(map, sb.st_size);
> > @@ -192,9 +193,9 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> > rc = security_load_policy(data, size);
> >
> > if (rc)
> > - fprintf(stderr,
> > - "SELinux: Could not load policy file %s: %m\n",
> > - path);
> > + selinux_log(SELINUX_ERROR,
> > + "SELinux: Could not load policy file %s: %m\n",
> > + path);
> >
> > unmap:
> > if (data != map)
> > @@ -205,7 +206,7 @@ int selinux_mkload_policy(int preservebools __attribute__((unused)))
> > dlclose:
> > #ifdef SHARED
> > if (errormsg)
> > - fprintf(stderr, "libselinux: %s\n", errormsg);
> > + selinux_log(SELINUX_ERROR, "libselinux: %s\n", errormsg);
> > if (libsepolh)
> > dlclose(libsepolh);
> > #endif
> > @@ -317,7 +318,7 @@ int selinux_init_load_policy(int *enforce)
> > *enforce = 0;
> > } else {
> > /* Only emit this error if selinux was not disabled */
> > - fprintf(stderr, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT);
> > + selinux_log(SELINUX_ERROR, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT);
> > }
> >
> > if (rc == 0)
> > @@ -365,7 +366,7 @@ int selinux_init_load_policy(int *enforce)
> > if (orig_enforce != *enforce) {
> > rc = security_setenforce(*enforce);
> > if (rc < 0) {
> > - fprintf(stderr, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive"));
> > + selinux_log(SELINUX_ERROR, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive"));
> > if (*enforce)
> > goto noload;
> > }
> > --
> > 2.50.1
> >
> >