selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] libsepol/cil: Report disabling an optional block only at high verbose levels
@ 2019-11-01 15:19 James Carter
  2019-11-02 17:16 ` Nicolas Iooss
  0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2019-11-01 15:19 UTC (permalink / raw)
  To: selinux

Since failing to resolve a statement in an optional block is normal,
only display messages about the statement failing to resolve and the
optional block being disabled at the highest verbosity level.

These messages are now only at log level CIL_INFO instead of CIL_WARN.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
 libsepol/cil/src/cil_resolve_ast.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 70a60bdf..87575860 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -3761,14 +3761,16 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
 		enum cil_log_level lvl = CIL_ERR;
 
 		if (optstack != NULL) {
-			lvl = CIL_WARN;
+			lvl = CIL_INFO;
 
 			struct cil_optional *opt = (struct cil_optional *)optstack->data;
 			struct cil_tree_node *opt_node = opt->datum.nodes->head->data;
-			cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
 			/* disable an optional if something failed to resolve */
 			opt->enabled = CIL_FALSE;
+			cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
+			cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
 			rc = SEPOL_OK;
+			goto exit;
 		}
 
 		cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol/cil: Report disabling an optional block only at high verbose levels
  2019-11-01 15:19 [PATCH] libsepol/cil: Report disabling an optional block only at high verbose levels James Carter
@ 2019-11-02 17:16 ` Nicolas Iooss
  2019-11-06 17:35   ` [Non-DoD Source] " jwcart2
  0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Iooss @ 2019-11-02 17:16 UTC (permalink / raw)
  To: James Carter; +Cc: SElinux list

On Fri, Nov 1, 2019 at 4:25 PM James Carter <jwcart2@tycho.nsa.gov> wrote:
>
> Since failing to resolve a statement in an optional block is normal,
> only display messages about the statement failing to resolve and the
> optional block being disabled at the highest verbosity level.
>
> These messages are now only at log level CIL_INFO instead of CIL_WARN.
>
> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

I confirm that this fixes the issue I experienced with "semodule
--verbose -B" being much noisier in 3.0-rc1 than in 2.9.

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Thanks
Nicolas

> ---
>  libsepol/cil/src/cil_resolve_ast.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
> index 70a60bdf..87575860 100644
> --- a/libsepol/cil/src/cil_resolve_ast.c
> +++ b/libsepol/cil/src/cil_resolve_ast.c
> @@ -3761,14 +3761,16 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
>                 enum cil_log_level lvl = CIL_ERR;
>
>                 if (optstack != NULL) {
> -                       lvl = CIL_WARN;
> +                       lvl = CIL_INFO;
>
>                         struct cil_optional *opt = (struct cil_optional *)optstack->data;
>                         struct cil_tree_node *opt_node = opt->datum.nodes->head->data;
> -                       cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
>                         /* disable an optional if something failed to resolve */
>                         opt->enabled = CIL_FALSE;
> +                       cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
> +                       cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
>                         rc = SEPOL_OK;
> +                       goto exit;
>                 }
>
>                 cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
> --
> 2.21.0
>


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Non-DoD Source] Re: [PATCH] libsepol/cil: Report disabling an optional block only at high verbose levels
  2019-11-02 17:16 ` Nicolas Iooss
@ 2019-11-06 17:35   ` jwcart2
  0 siblings, 0 replies; 3+ messages in thread
From: jwcart2 @ 2019-11-06 17:35 UTC (permalink / raw)
  To: Nicolas Iooss; +Cc: SElinux list

On 11/2/19 1:16 PM, Nicolas Iooss wrote:
> On Fri, Nov 1, 2019 at 4:25 PM James Carter <jwcart2@tycho.nsa.gov> wrote:
>>
>> Since failing to resolve a statement in an optional block is normal,
>> only display messages about the statement failing to resolve and the
>> optional block being disabled at the highest verbosity level.
>>
>> These messages are now only at log level CIL_INFO instead of CIL_WARN.
>>
>> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
> 
> I confirm that this fixes the issue I experienced with "semodule
> --verbose -B" being much noisier in 3.0-rc1 than in 2.9.
> 
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> 
> Thanks
> Nicolas
> 

I merged this.
Jim

>> ---
>>   libsepol/cil/src/cil_resolve_ast.c | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
>> index 70a60bdf..87575860 100644
>> --- a/libsepol/cil/src/cil_resolve_ast.c
>> +++ b/libsepol/cil/src/cil_resolve_ast.c
>> @@ -3761,14 +3761,16 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
>>                  enum cil_log_level lvl = CIL_ERR;
>>
>>                  if (optstack != NULL) {
>> -                       lvl = CIL_WARN;
>> +                       lvl = CIL_INFO;
>>
>>                          struct cil_optional *opt = (struct cil_optional *)optstack->data;
>>                          struct cil_tree_node *opt_node = opt->datum.nodes->head->data;
>> -                       cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
>>                          /* disable an optional if something failed to resolve */
>>                          opt->enabled = CIL_FALSE;
>> +                       cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
>> +                       cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
>>                          rc = SEPOL_OK;
>> +                       goto exit;
>>                  }
>>
>>                  cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
>> --
>> 2.21.0
>>
> 


-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-06 17:35 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-01 15:19 [PATCH] libsepol/cil: Report disabling an optional block only at high verbose levels James Carter
2019-11-02 17:16 ` Nicolas Iooss
2019-11-06 17:35   ` [Non-DoD Source] " jwcart2

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).