X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Futils%2Fl_getsepol.c;h=990d0162c6be5740dda2829f18d5fe3b7722e827;hb=bf5e5a89f9f4680c42f768b8474a3ea0bc014b54;hp=effa8e109c5314e0d4ef827d058cacab6bef23c7;hpb=82b8cb5528f489e9ceb7a1899722fc4108e85739;p=fs%2Flustre-release.git

diff --git a/lustre/utils/l_getsepol.c b/lustre/utils/l_getsepol.c
index effa8e10..990d016 100644
--- a/lustre/utils/l_getsepol.c
+++ b/lustre/utils/l_getsepol.c
@@ -69,6 +69,8 @@ static void errlog(const char *fmt, ...)
 
 	va_start(args, fmt);
 	vsyslog(LOG_NOTICE, fmt, args);
+	if (isatty(STDIN_FILENO))
+		vfprintf(stderr, fmt, args);
 	va_end(args);
 
 	closelog();
@@ -205,7 +207,7 @@ int get_opts(int argc, char *const argv[])
 		ref_pol_mtime = (time_t)strtoul(sel_mtime, &res, 0);
 		if (*res != '\0') {
 			/* not a valid number */
-			errlog("invalid sel_mtime");
+			errlog("invalid sel_mtime\n");
 			return -EINVAL;
 		}
 	}
@@ -214,7 +216,7 @@ int get_opts(int argc, char *const argv[])
 		ref_selinux_mode = sel_mode[0] - '0';
 		if (ref_selinux_mode != 0 && ref_selinux_mode != 1) {
 			/* not a valid enforcing mode */
-			errlog("invalid sel_mode");
+			errlog("invalid sel_mode\n");
 			return -EINVAL;
 		}
 	}
@@ -329,8 +331,9 @@ int main(int argc, char **argv)
 	int policyver = 0;
 	char pol_bin_path[PATH_MAX + 1];
 	struct stat st;
-	time_t policymtime;
+	time_t policymtime = 0;
 	int enforce;
+	int is_selinux;
 	char *policy_type = NULL;
 	unsigned char *mdval = NULL;
 	unsigned int mdsize = 0;
@@ -342,25 +345,47 @@ int main(int argc, char **argv)
 	if (rc < 0)
 		goto out;
 
-	/* Version of loaded policy */
-	policyver = security_policyvers();
-	if (policyver < 0) {
-		errlog("unknown policy version: %s\n", strerror(errno));
+	is_selinux = is_selinux_enabled();
+	if (is_selinux < 0) {
+		errlog("is_selinux_enabled() failed\n");
 		rc = -errno;
 		goto out;
 	}
 
-	/* Path of binary policy file */
-	snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
-		 selinux_binary_policy_path(), policyver);
+	if (!is_selinux) {
+		errlog("SELinux is disabled, ptlrpc 'send_sepol' value should be set to 0\n");
+		rc = -ENODEV;
+		goto out;
+	}
 
-	/* Stat binary policy file */
-	if (stat(pol_bin_path, &st)) {
-		errlog("can't stat %s: %s\n", pol_bin_path, strerror(errno));
+	/* Max version of loaded policy */
+	policyver = security_policyvers();
+	if (policyver < 0) {
+		errlog("unknown policy version: %s\n", strerror(errno));
 		rc = -errno;
 		goto out;
 	}
-	policymtime = st.st_mtime;
+
+	while (policymtime == 0) {
+		/* Path of binary policy file */
+		snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
+			 selinux_binary_policy_path(), policyver);
+
+		/* Stat binary policy file */
+		if (stat(pol_bin_path, &st)) {
+			if (policyver > 0) {
+				policyver--;
+			} else {
+				errlog("can't stat %s.*: %s\n",
+				       selinux_binary_policy_path(),
+				       strerror(errno));
+				rc = -errno;
+				goto out;
+			}
+		} else {
+			policymtime = st.st_mtime;
+		}
+	}
 
 	/* Determine if SELinux is in permissive or enforcing mode */
 	enforce = security_getenforce();