selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] libselinux: drop error return from is_selinux_enabled.3
@ 2020-02-07 14:37 Christian Göttsche
  2020-02-07 15:39 ` Petr Lautrbach
  2020-02-14 18:47 ` [PATCH] libselinux: drop error return from is_selinux_enabled documentation Christian Göttsche
  0 siblings, 2 replies; 8+ messages in thread
From: Christian Göttsche @ 2020-02-07 14:37 UTC (permalink / raw)
  To: selinux

is_selinux_enabled() does never return -1, do not say so in the manpage.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/man/man3/is_selinux_enabled.3 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
index df62c225..a887b48c 100644
--- a/libselinux/man/man3/is_selinux_enabled.3
+++ b/libselinux/man/man3/is_selinux_enabled.3
@@ -15,7 +15,6 @@ is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Secu
 .SH "DESCRIPTION"
 .BR is_selinux_enabled ()
 returns 1 if SELinux is running or 0 if it is not. 
-On error, \-1 is returned.
 
 .BR is_selinux_mls_enabled ()
 returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To
-- 
2.25.0


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [PATCH] libselinux: drop error return from is_selinux_enabled.3
  2020-02-07 14:37 [PATCH] libselinux: drop error return from is_selinux_enabled.3 Christian Göttsche
@ 2020-02-07 15:39 ` Petr Lautrbach
  2020-02-07 17:51   ` Stephen Smalley
  2020-02-14 18:47 ` [PATCH] libselinux: drop error return from is_selinux_enabled documentation Christian Göttsche
  1 sibling, 1 reply; 8+ messages in thread
From: Petr Lautrbach @ 2020-02-07 15:39 UTC (permalink / raw)
  To: Christian Göttsche; +Cc: selinux


Christian Göttsche <cgzones@googlemail.com> writes:

> is_selinux_enabled() does never return -1, do not say so in the manpage.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  libselinux/man/man3/is_selinux_enabled.3 | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
> index df62c225..a887b48c 100644
> --- a/libselinux/man/man3/is_selinux_enabled.3
> +++ b/libselinux/man/man3/is_selinux_enabled.3
> @@ -15,7 +15,6 @@ is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Secu
>  .SH "DESCRIPTION"
>  .BR is_selinux_enabled ()
>  returns 1 if SELinux is running or 0 if it is not. 
> -On error, \-1 is returned.
>  
>  .BR is_selinux_mls_enabled ()
>  returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To


There's also

libselinux/include/selinux/selinux.h:

/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
extern int is_selinux_enabled(void);


Would you mind to update this as well?

Thanks,

Petr


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] libselinux: drop error return from is_selinux_enabled.3
  2020-02-07 15:39 ` Petr Lautrbach
@ 2020-02-07 17:51   ` Stephen Smalley
  2020-02-11 19:12     ` Christian Göttsche
  0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2020-02-07 17:51 UTC (permalink / raw)
  To: Petr Lautrbach, Christian Göttsche; +Cc: selinux

On 2/7/20 10:39 AM, Petr Lautrbach wrote:
> 
> Christian Göttsche <cgzones@googlemail.com> writes:
> 
>> is_selinux_enabled() does never return -1, do not say so in the manpage.

Just as a historical footnote: it used to be possible that it would 
return -1 prior to commit e3cab998b48ab293a9962faf9779d70ca339c65d circa 
release 20120216.

>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>> ---
>>   libselinux/man/man3/is_selinux_enabled.3 | 1 -
>>   1 file changed, 1 deletion(-)
>>
>> diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
>> index df62c225..a887b48c 100644
>> --- a/libselinux/man/man3/is_selinux_enabled.3
>> +++ b/libselinux/man/man3/is_selinux_enabled.3
>> @@ -15,7 +15,6 @@ is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Secu
>>   .SH "DESCRIPTION"
>>   .BR is_selinux_enabled ()
>>   returns 1 if SELinux is running or 0 if it is not.
>> -On error, \-1 is returned.
>>   
>>   .BR is_selinux_mls_enabled ()
>>   returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To
> 
> 
> There's also
> 
> libselinux/include/selinux/selinux.h:
> 
> /* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
> extern int is_selinux_enabled(void);
> 
> 
> Would you mind to update this as well?
> 
> Thanks,
> 
> Petr
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] libselinux: drop error return from is_selinux_enabled.3
  2020-02-07 17:51   ` Stephen Smalley
@ 2020-02-11 19:12     ` Christian Göttsche
  2020-02-11 19:52       ` Stephen Smalley
  0 siblings, 1 reply; 8+ messages in thread
From: Christian Göttsche @ 2020-02-11 19:12 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: Petr Lautrbach, selinux

Am Fr., 7. Feb. 2020 um 18:51 Uhr schrieb Stephen Smalley <sds@tycho.nsa.gov>:
>
> On 2/7/20 10:39 AM, Petr Lautrbach wrote:
> >
> > Christian Göttsche <cgzones@googlemail.com> writes:
> >
> >> is_selinux_enabled() does never return -1, do not say so in the manpage.

I am having second thoughts about this:
With the current inaccurate documentation the worst effect are dead
error handlers in client code.
But when removed now, after a potential SELinux rework (either kernel
or userland) in some years it might be way harder to re-introduce
error checking in all client applications.

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] libselinux: drop error return from is_selinux_enabled.3
  2020-02-11 19:12     ` Christian Göttsche
@ 2020-02-11 19:52       ` Stephen Smalley
  0 siblings, 0 replies; 8+ messages in thread
From: Stephen Smalley @ 2020-02-11 19:52 UTC (permalink / raw)
  To: Christian Göttsche; +Cc: Petr Lautrbach, selinux

On 2/11/20 2:12 PM, Christian Göttsche wrote:
> Am Fr., 7. Feb. 2020 um 18:51 Uhr schrieb Stephen Smalley <sds@tycho.nsa.gov>:
>>
>> On 2/7/20 10:39 AM, Petr Lautrbach wrote:
>>>
>>> Christian Göttsche <cgzones@googlemail.com> writes:
>>>
>>>> is_selinux_enabled() does never return -1, do not say so in the manpage.
> 
> I am having second thoughts about this:
> With the current inaccurate documentation the worst effect are dead
> error handlers in client code.
> But when removed now, after a potential SELinux rework (either kernel
> or userland) in some years it might be way harder to re-introduce
> error checking in all client applications.

Looking around at callers via codesearch, I don't see any actual error 
handlers for is_selinux_enabled() < 0.  There is also inconsistent 
handling of the < 0 case; some code handles it the same as 0 (disabled) 
while other code handles any non-zero result as selinux-enabled. 
Probably better to fix the man page and header.

^ permalink raw reply	[flat|nested] 8+ messages in thread
* [PATCH] libselinux: drop error return from is_selinux_enabled documentation
  2020-02-07 14:37 [PATCH] libselinux: drop error return from is_selinux_enabled.3 Christian Göttsche
  2020-02-07 15:39 ` Petr Lautrbach
@ 2020-02-14 18:47 ` Christian Göttsche
  2020-02-14 19:42   ` Stephen Smalley
  1 sibling, 1 reply; 8+ messages in thread
From: Christian Göttsche @ 2020-02-14 18:47 UTC (permalink / raw)
  To: selinux

Since commit e3cab998b48ab293a9962faf9779d70ca339c65d ("libselinux
mountpoint changing patch.") for version 20120216 is_selinux_enabled()
does never return -1; drop mentions in the man-page and header file.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/include/selinux/selinux.h     | 2 +-
 libselinux/man/man3/is_selinux_enabled.3 | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 7922d96b..883d8b85 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -8,7 +8,7 @@
 extern "C" {
 #endif
 
-/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
+/* Return 1 if we are running on a SELinux kernel, or 0 otherwise. */
 extern int is_selinux_enabled(void);
 /* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
 extern int is_selinux_mls_enabled(void);
diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
index df62c225..a887b48c 100644
--- a/libselinux/man/man3/is_selinux_enabled.3
+++ b/libselinux/man/man3/is_selinux_enabled.3
@@ -15,7 +15,6 @@ is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Secu
 .SH "DESCRIPTION"
 .BR is_selinux_enabled ()
 returns 1 if SELinux is running or 0 if it is not. 
-On error, \-1 is returned.
 
 .BR is_selinux_mls_enabled ()
 returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To
-- 
2.25.0


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [PATCH] libselinux: drop error return from is_selinux_enabled documentation
  2020-02-14 18:47 ` [PATCH] libselinux: drop error return from is_selinux_enabled documentation Christian Göttsche
@ 2020-02-14 19:42   ` Stephen Smalley
  2020-02-18 15:41     ` Stephen Smalley
  0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2020-02-14 19:42 UTC (permalink / raw)
  To: Christian Göttsche, selinux

On 2/14/20 1:47 PM, Christian Göttsche wrote:
> Since commit e3cab998b48ab293a9962faf9779d70ca339c65d ("libselinux
> mountpoint changing patch.") for version 20120216 is_selinux_enabled()
> does never return -1; drop mentions in the man-page and header file.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>   libselinux/include/selinux/selinux.h     | 2 +-
>   libselinux/man/man3/is_selinux_enabled.3 | 1 -
>   2 files changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> index 7922d96b..883d8b85 100644
> --- a/libselinux/include/selinux/selinux.h
> +++ b/libselinux/include/selinux/selinux.h
> @@ -8,7 +8,7 @@
>   extern "C" {
>   #endif
>   
> -/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
> +/* Return 1 if we are running on a SELinux kernel, or 0 otherwise. */
>   extern int is_selinux_enabled(void);
>   /* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
>   extern int is_selinux_mls_enabled(void);
> diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
> index df62c225..a887b48c 100644
> --- a/libselinux/man/man3/is_selinux_enabled.3
> +++ b/libselinux/man/man3/is_selinux_enabled.3
> @@ -15,7 +15,6 @@ is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Secu
>   .SH "DESCRIPTION"
>   .BR is_selinux_enabled ()
>   returns 1 if SELinux is running or 0 if it is not.
> -On error, \-1 is returned.
>   
>   .BR is_selinux_mls_enabled ()
>   returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] libselinux: drop error return from is_selinux_enabled documentation
  2020-02-14 19:42   ` Stephen Smalley
@ 2020-02-18 15:41     ` Stephen Smalley
  0 siblings, 0 replies; 8+ messages in thread
From: Stephen Smalley @ 2020-02-18 15:41 UTC (permalink / raw)
  To: Christian Göttsche, selinux

On 2/14/20 2:42 PM, Stephen Smalley wrote:
> On 2/14/20 1:47 PM, Christian Göttsche wrote:
>> Since commit e3cab998b48ab293a9962faf9779d70ca339c65d ("libselinux
>> mountpoint changing patch.") for version 20120216 is_selinux_enabled()
>> does never return -1; drop mentions in the man-page and header file.
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> 
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

Thanks, applied.



^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-02-18 15:40 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-07 14:37 [PATCH] libselinux: drop error return from is_selinux_enabled.3 Christian Göttsche
2020-02-07 15:39 ` Petr Lautrbach
2020-02-07 17:51   ` Stephen Smalley
2020-02-11 19:12     ` Christian Göttsche
2020-02-11 19:52       ` Stephen Smalley
2020-02-14 18:47 ` [PATCH] libselinux: drop error return from is_selinux_enabled documentation Christian Göttsche
2020-02-14 19:42   ` Stephen Smalley
2020-02-18 15:41     ` Stephen Smalley

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).