From d99d5987480ca2c37e0e9b6f75faaaa929c37b91 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Apr 23 2020 14:26:58 +0000
Subject: Log RPMLOG_ERR level messages on actual errors in selinux plugin, doh.


When there's an actual error, people will want to know without having
to rerun in verbose mode. Such as in RhBug:1641631 where configured
selinux policy differs from what is installed - the former message

    error: Plugin selinux: hook tsm_pre failed

...is not particularly helpful to anybody, whereas this actually provides
some clues now:

    error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory
    error: Plugin selinux: hook tsm_pre failed

---

diff --git a/plugins/selinux.c b/plugins/selinux.c
index accd474..f1caf25 100644
--- a/plugins/selinux.c
+++ b/plugins/selinux.c
@@ -12,6 +12,11 @@
 
 static struct selabel_handle * sehandle = NULL;
 
+static inline rpmlogLvl loglvl(int iserror)
+{
+    return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
+}
+
 static void sehandle_fini(int close_status)
 {
     if (sehandle) {
@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status)
 
     sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
 
-    rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
+    rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
 	   path, (sehandle == NULL ? strerror(errno) : ""));
 
     return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
     if ((xx = setexeccon(newcon)) == 0)
 	rc = RPMRC_OK;
 
-    if (rpmIsDebug()) {
-	rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n",
+    rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
 	       path, newcon, (xx < 0 ? strerror(errno) : ""));
-    }
 
 exit:
     context_free(con);
@@ -143,10 +146,8 @@ exit:
     if ((xx = setexecfilecon(path, "rpm_script_t") == 0))
 	rc = RPMRC_OK;
 
-    if (rpmIsDebug()) {
-	rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n",
+    rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
 	       path, (xx < 0 ? strerror(errno) : ""));
-    }
 #endif
     /* If selinux is not enforcing, we don't care either */
     if (rc && security_getenforce() < 1)
@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
 	if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
 	    int conrc = lsetfilecon(path, scon);
 
-	    if (rpmIsDebug()) {
-		rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
+	    rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n",
 		       path, scon, (conrc < 0 ? strerror(errno) : ""));
-	    }
 
 	    if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
 		rc = RPMRC_OK;