summaryrefslogtreecommitdiffstats
path: root/src/tools/selinux.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tools/selinux.c')
-rw-r--r--src/tools/selinux.c66
1 files changed, 38 insertions, 28 deletions
diff --git a/src/tools/selinux.c b/src/tools/selinux.c
index a5943c9f1..e10f806bb 100644
--- a/src/tools/selinux.c
+++ b/src/tools/selinux.c
@@ -133,7 +133,7 @@ static semanage_handle_t *sss_semanage_init(void)
handle = semanage_handle_create();
if (!handle) {
- DEBUG(1, "Cannot create SELinux management handle\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
return NULL;
}
@@ -143,25 +143,26 @@ static semanage_handle_t *sss_semanage_init(void)
ret = semanage_is_managed(handle);
if (ret != 1) {
- DEBUG(1, "SELinux policy not managed\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "SELinux policy not managed\n");
goto fail;
}
ret = semanage_access_check(handle);
if (ret < SEMANAGE_CAN_READ) {
- DEBUG(1, "Cannot read SELinux policy store\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n");
goto fail;
}
ret = semanage_connect(handle);
if (ret != 0) {
- DEBUG(1, "Cannot estabilish SELinux management connection\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot estabilish SELinux management connection\n");
goto fail;
}
ret = semanage_begin_transaction(handle);
if (ret != 0) {
- DEBUG(1, "Cannot begin SELinux transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
goto fail;
}
@@ -181,35 +182,39 @@ static int sss_semanage_user_add(semanage_handle_t *handle,
ret = semanage_seuser_create(handle, &seuser);
if (ret != 0) {
- DEBUG(1, "Cannot create SELinux login mapping for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot create SELinux login mapping for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_name(handle, seuser, login_name);
if (ret != 0) {
- DEBUG(1, "Could not set name for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set name for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
- DEBUG(1, "Could not set serange for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set serange for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
if (ret != 0) {
- DEBUG(1, "Could not set SELinux user for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set SELinux user for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_modify_local(handle, key, seuser);
if (ret != 0) {
- DEBUG(1, "Could not add login mapping for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add login mapping for %s\n", login_name);
ret = EIO;
goto done;
}
@@ -230,28 +235,31 @@ static int sss_semanage_user_mod(semanage_handle_t *handle,
semanage_seuser_query(handle, key, &seuser);
if (seuser == NULL) {
- DEBUG(1, "Could not query seuser for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not query seuser for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
- DEBUG(1, "Could not set serange for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not set serange for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
if (ret != 0) {
- DEBUG(1, "Could not set sename for %s\n", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set sename for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_modify_local(handle, key, seuser);
if (ret != 0) {
- DEBUG(1, ("Could not modify login mapping for %s\n"), login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not modify login mapping for %s\n"), login_name);
ret = EIO;
goto done;
}
@@ -276,21 +284,21 @@ int set_seuser(const char *login_name, const char *seuser_name)
handle = sss_semanage_init();
if (!handle) {
- DEBUG(1, "Cannot init SELinux management\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_key_create(handle, login_name, &key);
if (ret != 0) {
- DEBUG(1, "Cannot create SELinux user key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_exists(handle, key, &seuser_exists);
if (ret < 0) {
- DEBUG(1, "Cannot verify the SELinux user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
ret = EIO;
goto done;
}
@@ -298,14 +306,14 @@ int set_seuser(const char *login_name, const char *seuser_name)
if (seuser_exists) {
ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
if (ret != 0) {
- DEBUG(1, "Cannot modify SELinux user mapping\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n");
ret = EIO;
goto done;
}
} else {
ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
if (ret != 0) {
- DEBUG(1, "Cannot add SELinux user mapping\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n");
ret = EIO;
goto done;
}
@@ -313,7 +321,7 @@ int set_seuser(const char *login_name, const char *seuser_name)
ret = semanage_commit(handle);
if (ret < 0) {
- DEBUG(1, "Cannot commit SELinux transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n");
ret = EIO;
goto done;
}
@@ -334,27 +342,28 @@ int del_seuser(const char *login_name)
handle = sss_semanage_init();
if (!handle) {
- DEBUG(1, "Cannot init SELinux management\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_key_create(handle, login_name, &key);
if (ret != 0) {
- DEBUG(1, "Cannot create SELinux user key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_exists(handle, key, &exists);
if (ret < 0) {
- DEBUG(1, "Cannot verify the SELinux user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
ret = EIO;
goto done;
}
if (!exists) {
- DEBUG(5, "Login mapping for %s is not defined, OK if default mapping "
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Login mapping for %s is not defined, OK if default mapping "
"was used\n", login_name);
ret = EOK; /* probably default mapping */
goto done;
@@ -362,13 +371,13 @@ int del_seuser(const char *login_name)
ret = semanage_seuser_exists_local(handle, key, &exists);
if (ret < 0) {
- DEBUG(1, "Cannot verify the SELinux user\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
ret = EIO;
goto done;
}
if (!exists) {
- DEBUG(1, "Login mapping for %s is defined in policy, "
+ DEBUG(SSSDBG_CRIT_FAILURE, "Login mapping for %s is defined in policy, "
"cannot be deleted", login_name);
ret = ENOENT;
goto done;
@@ -376,14 +385,15 @@ int del_seuser(const char *login_name)
ret = semanage_seuser_del_local(handle, key);
if (ret != 0) {
- DEBUG(1, "Could not delete login mapping for %s", login_name);
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not delete login mapping for %s", login_name);
ret = EIO;
goto done;
}
ret = semanage_commit(handle);
if (ret < 0) {
- DEBUG(1, "Cannot commit SELinux transaction\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n");
ret = EIO;
goto done;
}
generated by cgit (git 2.34.1) at 2024-06-21 19:36:04 +0000