mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 23:21:22 +03:00
selinux-util: increase log severity
`log_enforcing()` and `log_enforcing_errno()` are only used for important messages, which describe failures in enforced mode. They are guarded either by `!mac_selinux_use()` or `!label_hnd` checks, where the latter is itself guarded by the former. Only SELinux enabled systems print these logs. This helps to configure a system in permissive mode, without getting surprising failures when switching to enforced mode.
This commit is contained in:
parent
2979f04b99
commit
074b597dd9
@ -37,8 +37,8 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(context_t, context_free);
|
||||
static int cached_use = -1;
|
||||
static struct selabel_handle *label_hnd = NULL;
|
||||
|
||||
#define log_enforcing(...) log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG, __VA_ARGS__)
|
||||
#define log_enforcing_errno(r, ...) log_full_errno(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG, r, __VA_ARGS__)
|
||||
#define log_enforcing(...) log_full(security_getenforce() == 1 ? LOG_ERR : LOG_WARNING, __VA_ARGS__)
|
||||
#define log_enforcing_errno(r, ...) log_full_errno(security_getenforce() == 1 ? LOG_ERR : LOG_WARNING, r, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
bool mac_selinux_use(void) {
|
||||
|
Loading…
Reference in New Issue
Block a user