libselinux/utils: print errno on failure
Print error description on failure after functions known to set errno.
Also mention the library function name in getenforce, policyvers and
setenforce instead of the program name twice.
Signed-off-by: Christian Göttsche <[email protected]>
Acked-by: James Carter <[email protected]>
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index ef08338..cca407d 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,7 +36,7 @@
ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
+ fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
index 63029c1..c6481f4 100644
--- a/libselinux/utils/compute_create.c
+++ b/libselinux/utils/compute_create.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,8 +36,8 @@
ret = security_compute_create(argv[1], argv[2], tclass, &buf);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_create failed\n",
- argv[0]);
+ fprintf(stderr, "%s: security_compute_create failed: %s\n",
+ argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
index 1ef47c2..9fe790e 100644
--- a/libselinux/utils/compute_member.c
+++ b/libselinux/utils/compute_member.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,8 +36,8 @@
ret = security_compute_member(argv[1], argv[2], tclass, &buf);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_member failed\n",
- argv[0]);
+ fprintf(stderr, "%s: security_compute_member failed: %s\n",
+ argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
index f6a957d..bdd39d0 100644
--- a/libselinux/utils/compute_relabel.c
+++ b/libselinux/utils/compute_relabel.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
@@ -35,8 +36,8 @@
ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
if (ret < 0) {
- fprintf(stderr, "%s: security_compute_relabel failed\n",
- argv[0]);
+ fprintf(stderr, "%s: security_compute_relabel failed: %s\n",
+ argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
index 0bb2846..92f6a79 100644
--- a/libselinux/utils/getconlist.c
+++ b/libselinux/utils/getconlist.c
@@ -55,7 +55,7 @@
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
if (getcon(&cur_context) < 0) {
- fprintf(stderr, "Couldn't get current context.\n");
+ fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
free(level);
return 2;
}
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 590e98d..93102e5 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -62,7 +62,7 @@
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
if (getcon(&cur_context) < 0) {
- fprintf(stderr, "Couldn't get current context.\n");
+ fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
return 2;
}
} else
diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
index e5d19c5..aeeb79a 100644
--- a/libselinux/utils/getenforce.c
+++ b/libselinux/utils/getenforce.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc __attribute__ ((unused)),
@@ -16,7 +18,7 @@
if (rc == 1) {
rc = security_getenforce();
if (rc < 0) {
- fputs("getenforce: getenforce() failed", stderr);
+ fprintf(stderr, "getenforce: security_getenforce() failed: %s\n", strerror(errno));
return 2;
}
diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
index 6266ae1..b823a1a 100644
--- a/libselinux/utils/getfilecon.c
+++ b/libselinux/utils/getfilecon.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
@@ -16,8 +18,8 @@
for (i = 1; i < argc; i++) {
rc = getfilecon(argv[i], &buf);
if (rc < 0) {
- fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
- argv[i]);
+ fprintf(stderr, "%s: getfilecon(%s) failed: %s\n", argv[0],
+ argv[i], strerror(errno));
exit(2);
}
printf("%s\t%s\n", argv[i], buf);
diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
index ea6c274..1a88fa6 100644
--- a/libselinux/utils/getpidcon.c
+++ b/libselinux/utils/getpidcon.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
@@ -21,7 +23,7 @@
rc = getpidcon(pid, &buf);
if (rc < 0) {
- fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
+ fprintf(stderr, "%s: getpidcon() failed: %s\n", argv[0], strerror(errno));
exit(3);
}
diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
index dd56f2c..5230bca 100644
--- a/libselinux/utils/policyvers.c
+++ b/libselinux/utils/policyvers.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc __attribute__ ((unused)), char **argv)
@@ -9,7 +11,7 @@
rc = security_policyvers();
if (rc < 0) {
- fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
+ fprintf(stderr, "%s: security_policyvers() failed: %s\n", argv[0], strerror(errno));
exit(2);
}
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index 49408a0..6a8313a 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -34,7 +34,7 @@
fp = popen(cmd, "r");
if (!fp) {
- printf("Failed to run command line\n");
+ fprintf(stderr, "Failed to run command '%s': %s\n", cmd, strerror(errno));
return -1;
}
diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
index e28833d..c4e0f83 100644
--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
+++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
@@ -77,7 +77,8 @@
hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
return -1;
}
diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c
index 1aef64d..112ffda 100644
--- a/libselinux/utils/selabel_lookup.c
+++ b/libselinux/utils/selabel_lookup.c
@@ -91,7 +91,8 @@
hnd = selabel_open(backend, selabel_option, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
return -1;
}
diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c
index 2cddc6c..a4af067 100644
--- a/libselinux/utils/selabel_lookup_best_match.c
+++ b/libselinux/utils/selabel_lookup_best_match.c
@@ -117,7 +117,8 @@
hnd = selabel_open(SELABEL_CTX_FILE, options, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
rc = -1;
goto out;
}
diff --git a/libselinux/utils/selabel_partial_match.c b/libselinux/utils/selabel_partial_match.c
index c5932cb..7bbd577 100644
--- a/libselinux/utils/selabel_partial_match.c
+++ b/libselinux/utils/selabel_partial_match.c
@@ -61,7 +61,8 @@
hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
if (!hnd) {
fprintf(stderr, "ERROR: selabel_open - Could not obtain "
- "handle.\n");
+ "handle: %s\n",
+ strerror(errno));
return -1;
}
diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
index 60a20a4..67c13dc 100644
--- a/libselinux/utils/setenforce.c
+++ b/libselinux/utils/setenforce.c
@@ -4,6 +4,7 @@
#include <ctype.h>
#include <string.h>
#include <strings.h>
+#include <errno.h>
#include <selinux/selinux.h>
static __attribute__ ((__noreturn__)) void usage(const char *progname)
@@ -35,7 +36,7 @@
usage(argv[0]);
}
if (rc < 0) {
- fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
+ fprintf(stderr, "%s: security_setenforce() failed: %s\n", argv[0], strerror(errno));
return 2;
}
return 0;
diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
index 79af55d..a3fbc3e 100644
--- a/libselinux/utils/setfilecon.c
+++ b/libselinux/utils/setfilecon.c
@@ -1,6 +1,8 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
@@ -15,8 +17,8 @@
for (i = 2; i < argc; i++) {
rc = setfilecon(argv[i], argv[1]);
if (rc < 0) {
- fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
- argv[0], argv[i], argv[1]);
+ fprintf(stderr, "%s: setfilecon(%s,%s) failed: %s\n",
+ argv[0], argv[i], argv[1], strerror(errno));
exit(2);
}
}
