* [PATCH] libselinux/utils: print errno on failure
@ 2022-05-05 17:44 Christian Göttsche
2022-05-09 14:38 ` James Carter
2022-05-12 19:38 ` James Carter
0 siblings, 2 replies; 5+ messages in thread
From: Christian Göttsche @ 2022-05-05 17:44 UTC (permalink / raw)
To: selinux
Print error description on failure after functions known to set errno.
Also mention the library function name in getenforce, policyvers and
setenforce instead of the program name twice.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/compute_av.c | 3 ++-
libselinux/utils/compute_create.c | 5 +++--
libselinux/utils/compute_member.c | 5 +++--
libselinux/utils/compute_relabel.c | 5 +++--
libselinux/utils/getconlist.c | 2 +-
libselinux/utils/getdefaultcon.c | 2 +-
libselinux/utils/getenforce.c | 4 +++-
libselinux/utils/getfilecon.c | 6 ++++--
libselinux/utils/getpidcon.c | 4 +++-
libselinux/utils/policyvers.c | 4 +++-
libselinux/utils/selabel_digest.c | 2 +-
libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++-
libselinux/utils/selabel_lookup.c | 3 ++-
libselinux/utils/selabel_lookup_best_match.c | 3 ++-
libselinux/utils/selabel_partial_match.c | 3 ++-
libselinux/utils/setenforce.c | 3 ++-
libselinux/utils/setfilecon.c | 6 ++++--
17 files changed, 41 insertions(+), 22 deletions(-)
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index ef08338f..cca407d6 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,7 +36,7 @@ int main(int argc, char **argv)
ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
+ fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
index 63029c19..c6481f4b 100644
--- a/libselinux/utils/compute_create.c
+++ b/libselinux/utils/compute_create.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,8 +36,8 @@ int main(int argc, char **argv)
ret = security_compute_create(argv[1], argv[2], tclass, &buf);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_create failed\n",
- argv[0]);
+ fprintf(stderr, "%s: security_compute_create failed: %s\n",
+ argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
index 1ef47c25..9fe790ee 100644
--- a/libselinux/utils/compute_member.c
+++ b/libselinux/utils/compute_member.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,8 +36,8 @@ int main(int argc, char **argv)
ret = security_compute_member(argv[1], argv[2], tclass, &buf);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_member failed\n",
- argv[0]);
+ fprintf(stderr, "%s: security_compute_member failed: %s\n",
+ argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
index f6a957da..bdd39d0f 100644
--- a/libselinux/utils/compute_relabel.c
+++ b/libselinux/utils/compute_relabel.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,8 +36,8 @@ int main(int argc, char **argv)
ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_relabel failed\n",
- argv[0]);
+ fprintf(stderr, "%s: security_compute_relabel failed: %s\n",
+ argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
index 0bb28469..92f6a793 100644
--- a/libselinux/utils/getconlist.c
+++ b/libselinux/utils/getconlist.c
@@ -55,7 +55,7 @@ int main(int argc, char **argv)
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
if (getcon(&cur_context) < 0) {
- fprintf(stderr, "Couldn't get current context.\n");
+ fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
free(level);
return 2;
}
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 590e98d9..93102e5e 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -62,7 +62,7 @@ int main(int argc, char **argv)
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
if (getcon(&cur_context) < 0) {
- fprintf(stderr, "Couldn't get current context.\n");
+ fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
return 2;
}
} else
diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
index e5d19c54..aeeb79a8 100644
--- a/libselinux/utils/getenforce.c
+++ b/libselinux/utils/getenforce.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc __attribute__ ((unused)),
@@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)),
if (rc == 1) {
rc = security_getenforce();
if (rc < 0) {
- fputs("getenforce: getenforce() failed", stderr);
+ fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno));
return 2;
}
diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
index 6266ae16..b823a1a1 100644
--- a/libselinux/utils/getfilecon.c
+++ b/libselinux/utils/getfilecon.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
@@ -16,8 +18,8 @@ int main(int argc, char **argv)
for (i = 1; i < argc; i++) {
rc = getfilecon(argv[i], &buf);
if (rc < 0) {
- fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
- argv[i]);
+ fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0],
+ argv[i], strerror(errno));
exit(2);
}
printf("%s\t%s\n", argv[i], buf);
diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
index ea6c274e..1a88fa6d 100644
--- a/libselinux/utils/getpidcon.c
+++ b/libselinux/utils/getpidcon.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
@@ -21,7 +23,7 @@ int main(int argc, char **argv)
rc = getpidcon(pid, &buf);
if (rc < 0) {
- fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
+ fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
index dd56f2c7..5230bcaf 100644
--- a/libselinux/utils/policyvers.c
+++ b/libselinux/utils/policyvers.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc __attribute__ ((unused)), char **argv)
@@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv)
rc = security_policyvers();
if (rc < 0) {
- fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
+ fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno));
exit(2);
}
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index 49408a0b..6a8313a2 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest)
fp = popen(cmd, "r");
if (!fp) {
- printf("Failed to run command line\n");
+ fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno));
return -1;
}
diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
index e28833d2..c4e0f836 100644
--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
+++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
@@ -77,7 +77,8 @@ int main(int argc, char **argv)
hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
return -1;
}
diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
index 1aef64de..112ffda1 100644
--- a/libselinux/utils/selabel_lookup.c
+++ b/libselinux/utils/selabel_lookup.c
@@ -91,7 +91,8 @@ int main(int argc, char **argv)
hnd = selabel_open(backend, selabel_option, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
return -1;
}
diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
index 2cddc6cd..a4af0679 100644
--- a/libselinux/utils/selabel_lookup_best_match.c
+++ b/libselinux/utils/selabel_lookup_best_match.c
@@ -117,7 +117,8 @@ int main(int argc, char **argv)
hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
rc = -1;
goto out;
}
diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
index c5932cb1..7bbd5777 100644
--- a/libselinux/utils/selabel_partial_match.c
+++ b/libselinux/utils/selabel_partial_match.c
@@ -61,7 +61,8 @@ int main(int argc, char **argv)
hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
return -1;
}
diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
index 60a20a4b..67c13dca 100644
--- a/libselinux/utils/setenforce.c
+++ b/libselinux/utils/setenforce.c
@@ -4,6 +4,7 @@
#include <ctype.h>
#include <string.h>
#include <strings.h>
+#include <errno.h>
#include <selinux/selinux.h>
static __attribute__ ((__noreturn__)) void usage(const char *progname)
@@ -35,7 +36,7 @@ int main(int argc, char **argv)
usage(argv[0]);
}
if (rc < 0) {
- fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
+ fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno));
return 2;
}
return 0;
diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
index 79af55de..a3fbc3ed 100644
--- a/libselinux/utils/setfilecon.c
+++ b/libselinux/utils/setfilecon.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
@@ -15,8 +17,8 @@ int main(int argc, char **argv)
for (i = 2; i < argc; i++) {
rc = setfilecon(argv[i], argv[1]);
if (rc < 0) {
- fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
- argv[0], argv[i], argv[1]);
+ fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n",
+ argv[0], argv[i], argv[1], strerror(errno));
exit(2);
}
}
--
2.36.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] libselinux/utils: print errno on failure
2022-05-05 17:44 [PATCH] libselinux/utils: print errno on failure Christian Göttsche
@ 2022-05-09 14:38 ` James Carter
2022-05-10 17:22 ` Christian Göttsche
2022-05-12 19:38 ` James Carter
1 sibling, 1 reply; 5+ messages in thread
From: James Carter @ 2022-05-09 14:38 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Sat, May 7, 2022 at 11:59 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Print error description on failure after functions known to set errno.
>
> Also mention the library function name in getenforce, policyvers and
> setenforce instead of the program name twice.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libselinux/utils/compute_av.c | 3 ++-
> libselinux/utils/compute_create.c | 5 +++--
> libselinux/utils/compute_member.c | 5 +++--
> libselinux/utils/compute_relabel.c | 5 +++--
> libselinux/utils/getconlist.c | 2 +-
> libselinux/utils/getdefaultcon.c | 2 +-
> libselinux/utils/getenforce.c | 4 +++-
> libselinux/utils/getfilecon.c | 6 ++++--
> libselinux/utils/getpidcon.c | 4 +++-
> libselinux/utils/policyvers.c | 4 +++-
> libselinux/utils/selabel_digest.c | 2 +-
> libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++-
> libselinux/utils/selabel_lookup.c | 3 ++-
> libselinux/utils/selabel_lookup_best_match.c | 3 ++-
> libselinux/utils/selabel_partial_match.c | 3 ++-
> libselinux/utils/setenforce.c | 3 ++-
> libselinux/utils/setfilecon.c | 6 ++++--
> 17 files changed, 41 insertions(+), 22 deletions(-)
>
> diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> index ef08338f..cca407d6 100644
> --- a/libselinux/utils/compute_av.c
> +++ b/libselinux/utils/compute_av.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,7 +36,7 @@ int main(int argc, char **argv)
>
> ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
> + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
> exit(3);
> }
>
Back in August you converted a bunch of strerror() uses in libselinux
to instead use "%m" for thread safety. Since all of these are for
utility programs and not the main library, thread safety is not a
concern, but is there any reason not to just use "%m"?
Jim
> diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> index 63029c19..c6481f4b 100644
> --- a/libselinux/utils/compute_create.c
> +++ b/libselinux/utils/compute_create.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,8 +36,8 @@ int main(int argc, char **argv)
>
> ret = security_compute_create(argv[1], argv[2], tclass, &buf);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_create failed\n",
> - argv[0]);
> + fprintf(stderr, "%s: security_compute_create failed: %s\n",
> + argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> index 1ef47c25..9fe790ee 100644
> --- a/libselinux/utils/compute_member.c
> +++ b/libselinux/utils/compute_member.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,8 +36,8 @@ int main(int argc, char **argv)
>
> ret = security_compute_member(argv[1], argv[2], tclass, &buf);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_member failed\n",
> - argv[0]);
> + fprintf(stderr, "%s: security_compute_member failed: %s\n",
> + argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> index f6a957da..bdd39d0f 100644
> --- a/libselinux/utils/compute_relabel.c
> +++ b/libselinux/utils/compute_relabel.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,8 +36,8 @@ int main(int argc, char **argv)
>
> ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_relabel failed\n",
> - argv[0]);
> + fprintf(stderr, "%s: security_compute_relabel failed: %s\n",
> + argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> index 0bb28469..92f6a793 100644
> --- a/libselinux/utils/getconlist.c
> +++ b/libselinux/utils/getconlist.c
> @@ -55,7 +55,7 @@ int main(int argc, char **argv)
> /* If a context wasn't passed, use the current context. */
> if (((argc - optind) < 2)) {
> if (getcon(&cur_context) < 0) {
> - fprintf(stderr, "Couldn't get current context.\n");
> + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> free(level);
> return 2;
> }
> diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> index 590e98d9..93102e5e 100644
> --- a/libselinux/utils/getdefaultcon.c
> +++ b/libselinux/utils/getdefaultcon.c
> @@ -62,7 +62,7 @@ int main(int argc, char **argv)
> /* If a context wasn't passed, use the current context. */
> if (((argc - optind) < 2)) {
> if (getcon(&cur_context) < 0) {
> - fprintf(stderr, "Couldn't get current context.\n");
> + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> return 2;
> }
> } else
> diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
> index e5d19c54..aeeb79a8 100644
> --- a/libselinux/utils/getenforce.c
> +++ b/libselinux/utils/getenforce.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc __attribute__ ((unused)),
> @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)),
> if (rc == 1) {
> rc = security_getenforce();
> if (rc < 0) {
> - fputs("getenforce: getenforce() failed", stderr);
> + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno));
> return 2;
> }
>
> diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
> index 6266ae16..b823a1a1 100644
> --- a/libselinux/utils/getfilecon.c
> +++ b/libselinux/utils/getfilecon.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc, char **argv)
> @@ -16,8 +18,8 @@ int main(int argc, char **argv)
> for (i = 1; i < argc; i++) {
> rc = getfilecon(argv[i], &buf);
> if (rc < 0) {
> - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
> - argv[i]);
> + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0],
> + argv[i], strerror(errno));
> exit(2);
> }
> printf("%s\t%s\n", argv[i], buf);
> diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
> index ea6c274e..1a88fa6d 100644
> --- a/libselinux/utils/getpidcon.c
> +++ b/libselinux/utils/getpidcon.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc, char **argv)
> @@ -21,7 +23,7 @@ int main(int argc, char **argv)
>
> rc = getpidcon(pid, &buf);
> if (rc < 0) {
> - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
> + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
> index dd56f2c7..5230bcaf 100644
> --- a/libselinux/utils/policyvers.c
> +++ b/libselinux/utils/policyvers.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc __attribute__ ((unused)), char **argv)
> @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv)
>
> rc = security_policyvers();
> if (rc < 0) {
> - fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
> + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno));
> exit(2);
> }
>
> diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> index 49408a0b..6a8313a2 100644
> --- a/libselinux/utils/selabel_digest.c
> +++ b/libselinux/utils/selabel_digest.c
> @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest)
>
> fp = popen(cmd, "r");
> if (!fp) {
> - printf("Failed to run command line\n");
> + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> index e28833d2..c4e0f836 100644
> --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
> +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> @@ -77,7 +77,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
> index 1aef64de..112ffda1 100644
> --- a/libselinux/utils/selabel_lookup.c
> +++ b/libselinux/utils/selabel_lookup.c
> @@ -91,7 +91,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(backend, selabel_option, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
> index 2cddc6cd..a4af0679 100644
> --- a/libselinux/utils/selabel_lookup_best_match.c
> +++ b/libselinux/utils/selabel_lookup_best_match.c
> @@ -117,7 +117,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> rc = -1;
> goto out;
> }
> diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
> index c5932cb1..7bbd5777 100644
> --- a/libselinux/utils/selabel_partial_match.c
> +++ b/libselinux/utils/selabel_partial_match.c
> @@ -61,7 +61,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
> index 60a20a4b..67c13dca 100644
> --- a/libselinux/utils/setenforce.c
> +++ b/libselinux/utils/setenforce.c
> @@ -4,6 +4,7 @@
> #include <ctype.h>
> #include <string.h>
> #include <strings.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> static __attribute__ ((__noreturn__)) void usage(const char *progname)
> @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> usage(argv[0]);
> }
> if (rc < 0) {
> - fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
> + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno));
> return 2;
> }
> return 0;
> diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
> index 79af55de..a3fbc3ed 100644
> --- a/libselinux/utils/setfilecon.c
> +++ b/libselinux/utils/setfilecon.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc, char **argv)
> @@ -15,8 +17,8 @@ int main(int argc, char **argv)
> for (i = 2; i < argc; i++) {
> rc = setfilecon(argv[i], argv[1]);
> if (rc < 0) {
> - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
> - argv[0], argv[i], argv[1]);
> + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n",
> + argv[0], argv[i], argv[1], strerror(errno));
> exit(2);
> }
> }
> --
> 2.36.0
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] libselinux/utils: print errno on failure
2022-05-09 14:38 ` James Carter
@ 2022-05-10 17:22 ` Christian Göttsche
0 siblings, 0 replies; 5+ messages in thread
From: Christian Göttsche @ 2022-05-10 17:22 UTC (permalink / raw)
To: James Carter; +Cc: SElinux list
On Mon, 9 May 2022 at 16:38, James Carter <jwcart2@gmail.com> wrote:
>
> On Sat, May 7, 2022 at 11:59 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Print error description on failure after functions known to set errno.
> >
> > Also mention the library function name in getenforce, policyvers and
> > setenforce instead of the program name twice.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > ---
> > libselinux/utils/compute_av.c | 3 ++-
> > libselinux/utils/compute_create.c | 5 +++--
> > libselinux/utils/compute_member.c | 5 +++--
> > libselinux/utils/compute_relabel.c | 5 +++--
> > libselinux/utils/getconlist.c | 2 +-
> > libselinux/utils/getdefaultcon.c | 2 +-
> > libselinux/utils/getenforce.c | 4 +++-
> > libselinux/utils/getfilecon.c | 6 ++++--
> > libselinux/utils/getpidcon.c | 4 +++-
> > libselinux/utils/policyvers.c | 4 +++-
> > libselinux/utils/selabel_digest.c | 2 +-
> > libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++-
> > libselinux/utils/selabel_lookup.c | 3 ++-
> > libselinux/utils/selabel_lookup_best_match.c | 3 ++-
> > libselinux/utils/selabel_partial_match.c | 3 ++-
> > libselinux/utils/setenforce.c | 3 ++-
> > libselinux/utils/setfilecon.c | 6 ++++--
> > 17 files changed, 41 insertions(+), 22 deletions(-)
> >
> > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> > index ef08338f..cca407d6 100644
> > --- a/libselinux/utils/compute_av.c
> > +++ b/libselinux/utils/compute_av.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
> > + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
> > exit(3);
> > }
> >
>
> Back in August you converted a bunch of strerror() uses in libselinux
> to instead use "%m" for thread safety. Since all of these are for
> utility programs and not the main library, thread safety is not a
> concern, but is there any reason not to just use "%m"?
None to my knowledge, other than matching the surrounding code.
>
> Jim
>
> > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> > index 63029c19..c6481f4b 100644
> > --- a/libselinux/utils/compute_create.c
> > +++ b/libselinux/utils/compute_create.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_create(argv[1], argv[2], tclass, &buf);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_create failed\n",
> > - argv[0]);
> > + fprintf(stderr, "%s: security_compute_create failed: %s\n",
> > + argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> > index 1ef47c25..9fe790ee 100644
> > --- a/libselinux/utils/compute_member.c
> > +++ b/libselinux/utils/compute_member.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_member(argv[1], argv[2], tclass, &buf);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_member failed\n",
> > - argv[0]);
> > + fprintf(stderr, "%s: security_compute_member failed: %s\n",
> > + argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> > index f6a957da..bdd39d0f 100644
> > --- a/libselinux/utils/compute_relabel.c
> > +++ b/libselinux/utils/compute_relabel.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_relabel failed\n",
> > - argv[0]);
> > + fprintf(stderr, "%s: security_compute_relabel failed: %s\n",
> > + argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> > index 0bb28469..92f6a793 100644
> > --- a/libselinux/utils/getconlist.c
> > +++ b/libselinux/utils/getconlist.c
> > @@ -55,7 +55,7 @@ int main(int argc, char **argv)
> > /* If a context wasn't passed, use the current context. */
> > if (((argc - optind) < 2)) {
> > if (getcon(&cur_context) < 0) {
> > - fprintf(stderr, "Couldn't get current context.\n");
> > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> > free(level);
> > return 2;
> > }
> > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> > index 590e98d9..93102e5e 100644
> > --- a/libselinux/utils/getdefaultcon.c
> > +++ b/libselinux/utils/getdefaultcon.c
> > @@ -62,7 +62,7 @@ int main(int argc, char **argv)
> > /* If a context wasn't passed, use the current context. */
> > if (((argc - optind) < 2)) {
> > if (getcon(&cur_context) < 0) {
> > - fprintf(stderr, "Couldn't get current context.\n");
> > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> > return 2;
> > }
> > } else
> > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
> > index e5d19c54..aeeb79a8 100644
> > --- a/libselinux/utils/getenforce.c
> > +++ b/libselinux/utils/getenforce.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc __attribute__ ((unused)),
> > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)),
> > if (rc == 1) {
> > rc = security_getenforce();
> > if (rc < 0) {
> > - fputs("getenforce: getenforce() failed", stderr);
> > + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno));
> > return 2;
> > }
> >
> > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
> > index 6266ae16..b823a1a1 100644
> > --- a/libselinux/utils/getfilecon.c
> > +++ b/libselinux/utils/getfilecon.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc, char **argv)
> > @@ -16,8 +18,8 @@ int main(int argc, char **argv)
> > for (i = 1; i < argc; i++) {
> > rc = getfilecon(argv[i], &buf);
> > if (rc < 0) {
> > - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
> > - argv[i]);
> > + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0],
> > + argv[i], strerror(errno));
> > exit(2);
> > }
> > printf("%s\t%s\n", argv[i], buf);
> > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
> > index ea6c274e..1a88fa6d 100644
> > --- a/libselinux/utils/getpidcon.c
> > +++ b/libselinux/utils/getpidcon.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc, char **argv)
> > @@ -21,7 +23,7 @@ int main(int argc, char **argv)
> >
> > rc = getpidcon(pid, &buf);
> > if (rc < 0) {
> > - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
> > + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
> > index dd56f2c7..5230bcaf 100644
> > --- a/libselinux/utils/policyvers.c
> > +++ b/libselinux/utils/policyvers.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc __attribute__ ((unused)), char **argv)
> > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv)
> >
> > rc = security_policyvers();
> > if (rc < 0) {
> > - fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
> > + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno));
> > exit(2);
> > }
> >
> > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> > index 49408a0b..6a8313a2 100644
> > --- a/libselinux/utils/selabel_digest.c
> > +++ b/libselinux/utils/selabel_digest.c
> > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest)
> >
> > fp = popen(cmd, "r");
> > if (!fp) {
> > - printf("Failed to run command line\n");
> > + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > index e28833d2..c4e0f836 100644
> > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > @@ -77,7 +77,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
> > index 1aef64de..112ffda1 100644
> > --- a/libselinux/utils/selabel_lookup.c
> > +++ b/libselinux/utils/selabel_lookup.c
> > @@ -91,7 +91,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(backend, selabel_option, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
> > index 2cddc6cd..a4af0679 100644
> > --- a/libselinux/utils/selabel_lookup_best_match.c
> > +++ b/libselinux/utils/selabel_lookup_best_match.c
> > @@ -117,7 +117,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > rc = -1;
> > goto out;
> > }
> > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
> > index c5932cb1..7bbd5777 100644
> > --- a/libselinux/utils/selabel_partial_match.c
> > +++ b/libselinux/utils/selabel_partial_match.c
> > @@ -61,7 +61,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
> > index 60a20a4b..67c13dca 100644
> > --- a/libselinux/utils/setenforce.c
> > +++ b/libselinux/utils/setenforce.c
> > @@ -4,6 +4,7 @@
> > #include <ctype.h>
> > #include <string.h>
> > #include <strings.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > static __attribute__ ((__noreturn__)) void usage(const char *progname)
> > @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> > usage(argv[0]);
> > }
> > if (rc < 0) {
> > - fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
> > + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno));
> > return 2;
> > }
> > return 0;
> > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
> > index 79af55de..a3fbc3ed 100644
> > --- a/libselinux/utils/setfilecon.c
> > +++ b/libselinux/utils/setfilecon.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc, char **argv)
> > @@ -15,8 +17,8 @@ int main(int argc, char **argv)
> > for (i = 2; i < argc; i++) {
> > rc = setfilecon(argv[i], argv[1]);
> > if (rc < 0) {
> > - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
> > - argv[0], argv[i], argv[1]);
> > + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n",
> > + argv[0], argv[i], argv[1], strerror(errno));
> > exit(2);
> > }
> > }
> > --
> > 2.36.0
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] libselinux/utils: print errno on failure
2022-05-05 17:44 [PATCH] libselinux/utils: print errno on failure Christian Göttsche
2022-05-09 14:38 ` James Carter
@ 2022-05-12 19:38 ` James Carter
2022-05-16 17:05 ` James Carter
1 sibling, 1 reply; 5+ messages in thread
From: James Carter @ 2022-05-12 19:38 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Sat, May 7, 2022 at 11:59 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Print error description on failure after functions known to set errno.
>
> Also mention the library function name in getenforce, policyvers and
> setenforce instead of the program name twice.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libselinux/utils/compute_av.c | 3 ++-
> libselinux/utils/compute_create.c | 5 +++--
> libselinux/utils/compute_member.c | 5 +++--
> libselinux/utils/compute_relabel.c | 5 +++--
> libselinux/utils/getconlist.c | 2 +-
> libselinux/utils/getdefaultcon.c | 2 +-
> libselinux/utils/getenforce.c | 4 +++-
> libselinux/utils/getfilecon.c | 6 ++++--
> libselinux/utils/getpidcon.c | 4 +++-
> libselinux/utils/policyvers.c | 4 +++-
> libselinux/utils/selabel_digest.c | 2 +-
> libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++-
> libselinux/utils/selabel_lookup.c | 3 ++-
> libselinux/utils/selabel_lookup_best_match.c | 3 ++-
> libselinux/utils/selabel_partial_match.c | 3 ++-
> libselinux/utils/setenforce.c | 3 ++-
> libselinux/utils/setfilecon.c | 6 ++++--
> 17 files changed, 41 insertions(+), 22 deletions(-)
>
> diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> index ef08338f..cca407d6 100644
> --- a/libselinux/utils/compute_av.c
> +++ b/libselinux/utils/compute_av.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,7 +36,7 @@ int main(int argc, char **argv)
>
> ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
> + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> index 63029c19..c6481f4b 100644
> --- a/libselinux/utils/compute_create.c
> +++ b/libselinux/utils/compute_create.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,8 +36,8 @@ int main(int argc, char **argv)
>
> ret = security_compute_create(argv[1], argv[2], tclass, &buf);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_create failed\n",
> - argv[0]);
> + fprintf(stderr, "%s: security_compute_create failed: %s\n",
> + argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> index 1ef47c25..9fe790ee 100644
> --- a/libselinux/utils/compute_member.c
> +++ b/libselinux/utils/compute_member.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,8 +36,8 @@ int main(int argc, char **argv)
>
> ret = security_compute_member(argv[1], argv[2], tclass, &buf);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_member failed\n",
> - argv[0]);
> + fprintf(stderr, "%s: security_compute_member failed: %s\n",
> + argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> index f6a957da..bdd39d0f 100644
> --- a/libselinux/utils/compute_relabel.c
> +++ b/libselinux/utils/compute_relabel.c
> @@ -2,6 +2,7 @@
> #include <sys/types.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> #include <errno.h>
> #include <selinux/selinux.h>
>
> @@ -35,8 +36,8 @@ int main(int argc, char **argv)
>
> ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
> if (ret < 0) {
> - fprintf(stderr, "%s: security_compute_relabel failed\n",
> - argv[0]);
> + fprintf(stderr, "%s: security_compute_relabel failed: %s\n",
> + argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> index 0bb28469..92f6a793 100644
> --- a/libselinux/utils/getconlist.c
> +++ b/libselinux/utils/getconlist.c
> @@ -55,7 +55,7 @@ int main(int argc, char **argv)
> /* If a context wasn't passed, use the current context. */
> if (((argc - optind) < 2)) {
> if (getcon(&cur_context) < 0) {
> - fprintf(stderr, "Couldn't get current context.\n");
> + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> free(level);
> return 2;
> }
> diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> index 590e98d9..93102e5e 100644
> --- a/libselinux/utils/getdefaultcon.c
> +++ b/libselinux/utils/getdefaultcon.c
> @@ -62,7 +62,7 @@ int main(int argc, char **argv)
> /* If a context wasn't passed, use the current context. */
> if (((argc - optind) < 2)) {
> if (getcon(&cur_context) < 0) {
> - fprintf(stderr, "Couldn't get current context.\n");
> + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> return 2;
> }
> } else
> diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
> index e5d19c54..aeeb79a8 100644
> --- a/libselinux/utils/getenforce.c
> +++ b/libselinux/utils/getenforce.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc __attribute__ ((unused)),
> @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)),
> if (rc == 1) {
> rc = security_getenforce();
> if (rc < 0) {
> - fputs("getenforce: getenforce() failed", stderr);
> + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno));
> return 2;
> }
>
> diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
> index 6266ae16..b823a1a1 100644
> --- a/libselinux/utils/getfilecon.c
> +++ b/libselinux/utils/getfilecon.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc, char **argv)
> @@ -16,8 +18,8 @@ int main(int argc, char **argv)
> for (i = 1; i < argc; i++) {
> rc = getfilecon(argv[i], &buf);
> if (rc < 0) {
> - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
> - argv[i]);
> + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0],
> + argv[i], strerror(errno));
> exit(2);
> }
> printf("%s\t%s\n", argv[i], buf);
> diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
> index ea6c274e..1a88fa6d 100644
> --- a/libselinux/utils/getpidcon.c
> +++ b/libselinux/utils/getpidcon.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc, char **argv)
> @@ -21,7 +23,7 @@ int main(int argc, char **argv)
>
> rc = getpidcon(pid, &buf);
> if (rc < 0) {
> - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
> + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno));
> exit(3);
> }
>
> diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
> index dd56f2c7..5230bcaf 100644
> --- a/libselinux/utils/policyvers.c
> +++ b/libselinux/utils/policyvers.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc __attribute__ ((unused)), char **argv)
> @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv)
>
> rc = security_policyvers();
> if (rc < 0) {
> - fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
> + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno));
> exit(2);
> }
>
> diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> index 49408a0b..6a8313a2 100644
> --- a/libselinux/utils/selabel_digest.c
> +++ b/libselinux/utils/selabel_digest.c
> @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest)
>
> fp = popen(cmd, "r");
> if (!fp) {
> - printf("Failed to run command line\n");
> + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> index e28833d2..c4e0f836 100644
> --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
> +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> @@ -77,7 +77,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
> index 1aef64de..112ffda1 100644
> --- a/libselinux/utils/selabel_lookup.c
> +++ b/libselinux/utils/selabel_lookup.c
> @@ -91,7 +91,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(backend, selabel_option, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
> index 2cddc6cd..a4af0679 100644
> --- a/libselinux/utils/selabel_lookup_best_match.c
> +++ b/libselinux/utils/selabel_lookup_best_match.c
> @@ -117,7 +117,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> rc = -1;
> goto out;
> }
> diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
> index c5932cb1..7bbd5777 100644
> --- a/libselinux/utils/selabel_partial_match.c
> +++ b/libselinux/utils/selabel_partial_match.c
> @@ -61,7 +61,8 @@ int main(int argc, char **argv)
> hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> if (!hnd) {
> fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> - "handle.\n");
> + "handle: %s\n",
> + strerror(errno));
> return -1;
> }
>
> diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
> index 60a20a4b..67c13dca 100644
> --- a/libselinux/utils/setenforce.c
> +++ b/libselinux/utils/setenforce.c
> @@ -4,6 +4,7 @@
> #include <ctype.h>
> #include <string.h>
> #include <strings.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> static __attribute__ ((__noreturn__)) void usage(const char *progname)
> @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> usage(argv[0]);
> }
> if (rc < 0) {
> - fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
> + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno));
> return 2;
> }
> return 0;
> diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
> index 79af55de..a3fbc3ed 100644
> --- a/libselinux/utils/setfilecon.c
> +++ b/libselinux/utils/setfilecon.c
> @@ -1,6 +1,8 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> #include <selinux/selinux.h>
>
> int main(int argc, char **argv)
> @@ -15,8 +17,8 @@ int main(int argc, char **argv)
> for (i = 2; i < argc; i++) {
> rc = setfilecon(argv[i], argv[1]);
> if (rc < 0) {
> - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
> - argv[0], argv[i], argv[1]);
> + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n",
> + argv[0], argv[i], argv[1], strerror(errno));
> exit(2);
> }
> }
> --
> 2.36.0
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] libselinux/utils: print errno on failure
2022-05-12 19:38 ` James Carter
@ 2022-05-16 17:05 ` James Carter
0 siblings, 0 replies; 5+ messages in thread
From: James Carter @ 2022-05-16 17:05 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Thu, May 12, 2022 at 3:38 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Sat, May 7, 2022 at 11:59 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Print error description on failure after functions known to set errno.
> >
> > Also mention the library function name in getenforce, policyvers and
> > setenforce instead of the program name twice.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged.
Thanks,
Jim
> > ---
> > libselinux/utils/compute_av.c | 3 ++-
> > libselinux/utils/compute_create.c | 5 +++--
> > libselinux/utils/compute_member.c | 5 +++--
> > libselinux/utils/compute_relabel.c | 5 +++--
> > libselinux/utils/getconlist.c | 2 +-
> > libselinux/utils/getdefaultcon.c | 2 +-
> > libselinux/utils/getenforce.c | 4 +++-
> > libselinux/utils/getfilecon.c | 6 ++++--
> > libselinux/utils/getpidcon.c | 4 +++-
> > libselinux/utils/policyvers.c | 4 +++-
> > libselinux/utils/selabel_digest.c | 2 +-
> > libselinux/utils/selabel_get_digests_all_partial_matches.c | 3 ++-
> > libselinux/utils/selabel_lookup.c | 3 ++-
> > libselinux/utils/selabel_lookup_best_match.c | 3 ++-
> > libselinux/utils/selabel_partial_match.c | 3 ++-
> > libselinux/utils/setenforce.c | 3 ++-
> > libselinux/utils/setfilecon.c | 6 ++++--
> > 17 files changed, 41 insertions(+), 22 deletions(-)
> >
> > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> > index ef08338f..cca407d6 100644
> > --- a/libselinux/utils/compute_av.c
> > +++ b/libselinux/utils/compute_av.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
> > + fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> > index 63029c19..c6481f4b 100644
> > --- a/libselinux/utils/compute_create.c
> > +++ b/libselinux/utils/compute_create.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_create(argv[1], argv[2], tclass, &buf);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_create failed\n",
> > - argv[0]);
> > + fprintf(stderr, "%s: security_compute_create failed: %s\n",
> > + argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> > index 1ef47c25..9fe790ee 100644
> > --- a/libselinux/utils/compute_member.c
> > +++ b/libselinux/utils/compute_member.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_member(argv[1], argv[2], tclass, &buf);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_member failed\n",
> > - argv[0]);
> > + fprintf(stderr, "%s: security_compute_member failed: %s\n",
> > + argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> > index f6a957da..bdd39d0f 100644
> > --- a/libselinux/utils/compute_relabel.c
> > +++ b/libselinux/utils/compute_relabel.c
> > @@ -2,6 +2,7 @@
> > #include <sys/types.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > #include <errno.h>
> > #include <selinux/selinux.h>
> >
> > @@ -35,8 +36,8 @@ int main(int argc, char **argv)
> >
> > ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
> > if (ret < 0) {
> > - fprintf(stderr, "%s: security_compute_relabel failed\n",
> > - argv[0]);
> > + fprintf(stderr, "%s: security_compute_relabel failed: %s\n",
> > + argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> > index 0bb28469..92f6a793 100644
> > --- a/libselinux/utils/getconlist.c
> > +++ b/libselinux/utils/getconlist.c
> > @@ -55,7 +55,7 @@ int main(int argc, char **argv)
> > /* If a context wasn't passed, use the current context. */
> > if (((argc - optind) < 2)) {
> > if (getcon(&cur_context) < 0) {
> > - fprintf(stderr, "Couldn't get current context.\n");
> > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> > free(level);
> > return 2;
> > }
> > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> > index 590e98d9..93102e5e 100644
> > --- a/libselinux/utils/getdefaultcon.c
> > +++ b/libselinux/utils/getdefaultcon.c
> > @@ -62,7 +62,7 @@ int main(int argc, char **argv)
> > /* If a context wasn't passed, use the current context. */
> > if (((argc - optind) < 2)) {
> > if (getcon(&cur_context) < 0) {
> > - fprintf(stderr, "Couldn't get current context.\n");
> > + fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
> > return 2;
> > }
> > } else
> > diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
> > index e5d19c54..aeeb79a8 100644
> > --- a/libselinux/utils/getenforce.c
> > +++ b/libselinux/utils/getenforce.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc __attribute__ ((unused)),
> > @@ -16,7 +18,7 @@ int main(int argc __attribute__ ((unused)),
> > if (rc == 1) {
> > rc = security_getenforce();
> > if (rc < 0) {
> > - fputs("getenforce: getenforce() failed", stderr);
> > + fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno));
> > return 2;
> > }
> >
> > diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
> > index 6266ae16..b823a1a1 100644
> > --- a/libselinux/utils/getfilecon.c
> > +++ b/libselinux/utils/getfilecon.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc, char **argv)
> > @@ -16,8 +18,8 @@ int main(int argc, char **argv)
> > for (i = 1; i < argc; i++) {
> > rc = getfilecon(argv[i], &buf);
> > if (rc < 0) {
> > - fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
> > - argv[i]);
> > + fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0],
> > + argv[i], strerror(errno));
> > exit(2);
> > }
> > printf("%s\t%s\n", argv[i], buf);
> > diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
> > index ea6c274e..1a88fa6d 100644
> > --- a/libselinux/utils/getpidcon.c
> > +++ b/libselinux/utils/getpidcon.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc, char **argv)
> > @@ -21,7 +23,7 @@ int main(int argc, char **argv)
> >
> > rc = getpidcon(pid, &buf);
> > if (rc < 0) {
> > - fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
> > + fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno));
> > exit(3);
> > }
> >
> > diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
> > index dd56f2c7..5230bcaf 100644
> > --- a/libselinux/utils/policyvers.c
> > +++ b/libselinux/utils/policyvers.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc __attribute__ ((unused)), char **argv)
> > @@ -9,7 +11,7 @@ int main(int argc __attribute__ ((unused)), char **argv)
> >
> > rc = security_policyvers();
> > if (rc < 0) {
> > - fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
> > + fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno));
> > exit(2);
> > }
> >
> > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> > index 49408a0b..6a8313a2 100644
> > --- a/libselinux/utils/selabel_digest.c
> > +++ b/libselinux/utils/selabel_digest.c
> > @@ -34,7 +34,7 @@ static int run_check_digest(char *cmd, char *selabel_digest)
> >
> > fp = popen(cmd, "r");
> > if (!fp) {
> > - printf("Failed to run command line\n");
> > + fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > index e28833d2..c4e0f836 100644
> > --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
> > @@ -77,7 +77,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
> > index 1aef64de..112ffda1 100644
> > --- a/libselinux/utils/selabel_lookup.c
> > +++ b/libselinux/utils/selabel_lookup.c
> > @@ -91,7 +91,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(backend, selabel_option, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
> > index 2cddc6cd..a4af0679 100644
> > --- a/libselinux/utils/selabel_lookup_best_match.c
> > +++ b/libselinux/utils/selabel_lookup_best_match.c
> > @@ -117,7 +117,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > rc = -1;
> > goto out;
> > }
> > diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
> > index c5932cb1..7bbd5777 100644
> > --- a/libselinux/utils/selabel_partial_match.c
> > +++ b/libselinux/utils/selabel_partial_match.c
> > @@ -61,7 +61,8 @@ int main(int argc, char **argv)
> > hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
> > if (!hnd) {
> > fprintf(stderr, "ERROR: selabel_open - Could not obtain "
> > - "handle.\n");
> > + "handle: %s\n",
> > + strerror(errno));
> > return -1;
> > }
> >
> > diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
> > index 60a20a4b..67c13dca 100644
> > --- a/libselinux/utils/setenforce.c
> > +++ b/libselinux/utils/setenforce.c
> > @@ -4,6 +4,7 @@
> > #include <ctype.h>
> > #include <string.h>
> > #include <strings.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > static __attribute__ ((__noreturn__)) void usage(const char *progname)
> > @@ -35,7 +36,7 @@ int main(int argc, char **argv)
> > usage(argv[0]);
> > }
> > if (rc < 0) {
> > - fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
> > + fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno));
> > return 2;
> > }
> > return 0;
> > diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
> > index 79af55de..a3fbc3ed 100644
> > --- a/libselinux/utils/setfilecon.c
> > +++ b/libselinux/utils/setfilecon.c
> > @@ -1,6 +1,8 @@
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > #include <selinux/selinux.h>
> >
> > int main(int argc, char **argv)
> > @@ -15,8 +17,8 @@ int main(int argc, char **argv)
> > for (i = 2; i < argc; i++) {
> > rc = setfilecon(argv[i], argv[1]);
> > if (rc < 0) {
> > - fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
> > - argv[0], argv[i], argv[1]);
> > + fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n",
> > + argv[0], argv[i], argv[1], strerror(errno));
> > exit(2);
> > }
> > }
> > --
> > 2.36.0
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-05-16 17:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-05 17:44 [PATCH] libselinux/utils: print errno on failure Christian Göttsche
2022-05-09 14:38 ` James Carter
2022-05-10 17:22 ` Christian Göttsche
2022-05-12 19:38 ` James Carter
2022-05-16 17:05 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.