Richard W.M. Jones
2017-Mar-20 18:15 UTC
[Libguestfs] [PATCH] daemon: selinux: Add setfiles -vv flags when verbose.
This shows which files are being relabelled. Also only use -q
(suppress non-error output) when we are not verbose.
---
daemon/selinux-relabel.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 2f48ee6..e7da42d 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -112,8 +112,11 @@ do_selinux_relabel (const char *specfile, const char *path,
ADD_ARG (argv, i, sysroot);
}
- /* Suppress non-error output. */
- ADD_ARG (argv, i, "-q");
+ if (verbose)
+ ADD_ARG (argv, i, "-vv");
+ else
+ /* Suppress non-error output. */
+ ADD_ARG (argv, i, "-q");
/* Add parameters. */
ADD_ARG (argv, i, s_specfile);
--
2.10.2
Pino Toscano
2017-Mar-21 09:59 UTC
Re: [Libguestfs] [PATCH] daemon: selinux: Add setfiles -vv flags when verbose.
On Monday, 20 March 2017 19:15:01 CET Richard W.M. Jones wrote:> This shows which files are being relabelled. Also only use -q > (suppress non-error output) when we are not verbose. > --- > daemon/selinux-relabel.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c > index 2f48ee6..e7da42d 100644 > --- a/daemon/selinux-relabel.c > +++ b/daemon/selinux-relabel.c > @@ -112,8 +112,11 @@ do_selinux_relabel (const char *specfile, const char *path, > ADD_ARG (argv, i, sysroot); > } > > - /* Suppress non-error output. */ > - ADD_ARG (argv, i, "-q"); > + if (verbose) > + ADD_ARG (argv, i, "-vv"); > + else > + /* Suppress non-error output. */ > + ADD_ARG (argv, i, "-q");I've checked the setfiles code (since neither -h nor the manpage mention anything about that), and it seems -v is a simple switch. Since -vv behaves as -v, I think passing just -v should be enough. LGTM otherwise. Thanks, -- Pino Toscano
Richard W.M. Jones
2017-Mar-21 14:45 UTC
Re: [Libguestfs] [PATCH] daemon: selinux: Add setfiles -vv flags when verbose.
On Tue, Mar 21, 2017 at 10:59:48AM +0100, Pino Toscano wrote:> On Monday, 20 March 2017 19:15:01 CET Richard W.M. Jones wrote: > > This shows which files are being relabelled. Also only use -q > > (suppress non-error output) when we are not verbose. > > --- > > daemon/selinux-relabel.c | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c > > index 2f48ee6..e7da42d 100644 > > --- a/daemon/selinux-relabel.c > > +++ b/daemon/selinux-relabel.c > > @@ -112,8 +112,11 @@ do_selinux_relabel (const char *specfile, const char *path, > > ADD_ARG (argv, i, sysroot); > > } > > > > - /* Suppress non-error output. */ > > - ADD_ARG (argv, i, "-q"); > > + if (verbose) > > + ADD_ARG (argv, i, "-vv"); > > + else > > + /* Suppress non-error output. */ > > + ADD_ARG (argv, i, "-q"); > > I've checked the setfiles code (since neither -h nor the manpage mention > anything about that), and it seems -v is a simple switch. Since -vv > behaves as -v, I think passing just -v should be enough. > > LGTM otherwise.OK, I was going on what one of the SELinux developers told me :-) I'll change this to -v and push it. This one does not need to go into RHEL 7.4. Indeed there's a minor risk that too many messages might break SELinux relabelling (although it didn't in my tests). Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW
Possibly Parallel Threads
- Re: [PATCH] daemon: selinux: Add setfiles -vv flags when verbose.
- [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).
- SELinux relabel API
- [PATCH 2/2] Use setfiles from the appliance for the SELinux relabel (RHBZ#1089100).
- [PATCH v2 2/7] New API: setfiles - SELinux relabel parts of the filesystem.