policycoreutils: semodule: Enable CIL logging

semodule -v will turn on semodule's own verbose logging but not logging from CIL. This change makes the verbose flag also set cil's log level. By default (ie no -v flag), this will enable CIL_ERR, and each -v will increase the level from there. Tested with a duplicated fcontext in the policy. Before this change: # semodule -v -B Committing changes: Problems processing filecon rules Failed post db handling semodule: Failed! After this change: # semodule -v -B [ ... snip ... ] Found conflicting filecon rules at /var/lib/selinux/mcs/tmp/modules/400/mycustom/cil:159 at /var/lib/selinux/mcs/tmp/modules/400/mycustom/cil:158 Problems processing filecon rules Failed post db handling semodule: Failed! Closes: SELinuxProject#176 Signed-off-by: Jason Zaman <[email protected]>
makesoftwaresafe · Oct 23, 2019 · 06040cd · 06040cd
1 parent 9be4e74
commit 06040cd
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
@@ -22,6 +22,7 @@
 #include <libgen.h>
 #include <limits.h>
 
+#include <sepol/cil/cil.h>
 #include <semanage/modules.h>
 
 enum client_modes {
@@ -238,7 +239,7 @@ static void parse_command_line(int argc, char **argv)
 			set_mode(LIST_M, optarg);
 			break;
 		case 'v':
-			verbose = 1;
+			verbose++;
 			break;
 		case 'r':
 			set_mode(REMOVE_M, optarg);
@@ -350,6 +351,8 @@ int main(int argc, char *argv[])
 	}
 	parse_command_line(argc, argv);
 
+	cil_set_log_level(CIL_ERR + verbose);
+
 	if (build)
 		commit = 1;