From 2073bf3f580a1d57b272f6dde43fa0d9ca7f2a17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 26 Mar 2020 20:15:13 +0100 Subject: [PATCH] selinux: add debug logging to cache functions --- src/basic/selinux-util.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c index 0484ba0adb7..33ff427ae7a 100644 --- a/src/basic/selinux-util.c +++ b/src/basic/selinux-util.c @@ -44,8 +44,10 @@ static struct selabel_handle *label_hnd = NULL; bool mac_selinux_use(void) { #if HAVE_SELINUX - if (_unlikely_(cached_use < 0)) + if (_unlikely_(cached_use < 0)) { cached_use = is_selinux_enabled() > 0; + log_debug("SELinux enabled state cached to: %s", cached_use ? "enabled" : "disabled"); + } return cached_use; #else @@ -57,12 +59,13 @@ bool mac_selinux_enforcing(void) { #if HAVE_SELINUX if (_unlikely_(cached_enforcing < 0)) { cached_enforcing = security_getenforce(); - if (cached_enforcing == -1) { - log_error_errno(errno, "Failed to get SELinux enforced status: %m"); - } + if (cached_enforcing == -1) + log_error_errno(errno, "Failed to get SELinux enforced status, continue in enforcing mode: %m"); + else + log_debug("SELinux enforcing state cached to: %s", cached_enforcing ? "enforcing" : "permissive"); } - /* treat failure as enforced mode */ + /* treat failure as enforcing mode */ return (cached_enforcing != 0); #else return false; @@ -80,6 +83,8 @@ void mac_selinux_retest(void) { static int setenforce_callback(int enforcing) { cached_enforcing = enforcing; + log_debug("SELinux enforcing state updated to: %s", cached_enforcing ? "enforcing" : "permissive"); + return 0; } #endif